* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-08-31 19:28 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-08-31 19:28 UTC (permalink / raw
To: gentoo-commits
commit: 6c72d8f17aad3d75f420f7a255beb78e63c39415
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 19:24:39 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 19:27:50 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c72d8f1
www-servers/nginx: Version bump.
Gentoo-Bug: 558688
Package-Manager: portage-2.2.20.1
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.9.4.ebuild | 686 +++++++++++++++++++++++++++++++++++
2 files changed, 688 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6884044..d5367c8 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,7 +5,9 @@ DIST nginx-1.7.6.tar.gz 817265 SHA256 08e2efc169c9f9d511ce53ea16f17d8478ab9b0f7a
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
+DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
+DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
DIST ngx_http_ajp_module-0.3.0.tar.gz 108832 SHA256 7b3791275ef87dde153679fa459e84784da09b26d35426d61f5477903584b254 SHA512 0934ea3c7dce23e2c55ab5c9210562fcf7b38ef19dc9ca7b80daee3cd983bb5f69743d34a041d35e7089dd6f6aa73363014d0b5f04ce0a5c0d94b4b0bb2dacab WHIRLPOOL 2ebe0db7887f22fb915372ef637214a0a40d7a0b694479b7da066671bd7c64aa152c5a615f368916311f5879840e083fb7a14555d304aea5e059c079aaa9c809
DIST ngx_http_auth_pam-1.3.tar.gz 6363 SHA256 199dff5d11fbb3b6ddf9c8a60cc141970125a3f8e7a06f245e3175e93ca947e3 SHA512 3c86f709397dfd3edbd98f729193cb7b61895777d02244f1cf255ba5e4cd8e7bcb5bf537bf3d1086a513e46f117fdcb7610d7085dead35f5d36f74b5b3864ef8 WHIRLPOOL fc5b42a6a1143e9d3845e1470caa7bd60cf8e5a01e0dd53925fbf76cba072add024d24e4f926d3d0b3e27eccf5faa839b05f2549144beac6ffc43614b7ca5b19
diff --git a/www-servers/nginx/nginx-1.9.4.ebuild b/www-servers/nginx/nginx-1.9.4.ebuild
new file mode 100644
index 0000000..73c2e3b
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.4.ebuild
@@ -0,0 +1,686 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.26"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.16"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.53-2"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc"
+
+IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? ( dev-libs/openssl:0= )
+ http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use http || use http-cache; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-08-31 19:30 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-08-31 19:30 UTC (permalink / raw
To: gentoo-commits
commit: 051d652ca697e5c634e9a14e7f596ecd797afdcf
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 19:30:04 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 19:30:04 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=051d652c
www-servers/nginx: Remove old
Package-Manager: portage-2.2.20.1
www-servers/nginx/Manifest | 13 -
www-servers/nginx/nginx-1.7.12.ebuild | 683 ----------------------------------
www-servers/nginx/nginx-1.7.6.ebuild | 681 ---------------------------------
3 files changed, 1377 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index d5367c8..1959e79 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,4 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
-DIST modsecurity-apache_2.8.0.tar.gz 3940435 SHA256 95de6ec30982e5bde7981929ba89be89488e9f237ee8c4236e064b074bbb6f28 SHA512 2620d9ee0c7e40e02b908af5be916d1588f2ba55b8718495b6a3654e868973c45e8f8e794bf28b4677eb8a2d96ba427ead6ae4b26e48014bcd2b2f02013ceeef WHIRLPOOL cd90488ca5a85292bae32685ce44bcb82f46d98194636ba68f47a860c648c6933766bd56a38143f7656725fb3bd359de17f1b5513447c6ee40dbad945559fe4d
-DIST nginx-1.7.12.tar.gz 831957 SHA256 22d1f0b6d064e125b01aeb2c6171682559d2488e1b102fc48ec564aa36e66897 SHA512 54dabbf56bdc7ffde69b0a010ab5dbee7237431f35ce81c78598b2205f8af88027521920d52f95f44dffbf872c409f10f0b8dbc9328e94e9e6c5e7d8a84b14d5 WHIRLPOOL baea92734046a997d3b0282e9bb7232c9d99ca0064685930113b1cc2d152c44698726747462a9c0b9afe776393efe9f609df8064a39028995632ef046db44b4f
-DIST nginx-1.7.6.tar.gz 817265 SHA256 08e2efc169c9f9d511ce53ea16f17d8478ab9b0f7a653f212c03c61c52101599 SHA512 ac551020608e0c5ced17519509419e25513ab7a134f5e705cc8dd3866f3164c63ab7e3da9485ba5431d976978f4a9c68c5348bd102f9cb989c16f2e0ba65892a WHIRLPOOL bb247b8215fe10c6ad12df1da5e6fd7dfcd9ff441ef0bc1ecb9047ba132735a79ba4c5f0487bf8d2aee44ed940573b70ddaf0b77499d29fd4de8d9700b0ec038
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
@@ -9,32 +6,22 @@ DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea8
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
-DIST ngx_http_ajp_module-0.3.0.tar.gz 108832 SHA256 7b3791275ef87dde153679fa459e84784da09b26d35426d61f5477903584b254 SHA512 0934ea3c7dce23e2c55ab5c9210562fcf7b38ef19dc9ca7b80daee3cd983bb5f69743d34a041d35e7089dd6f6aa73363014d0b5f04ce0a5c0d94b4b0bb2dacab WHIRLPOOL 2ebe0db7887f22fb915372ef637214a0a40d7a0b694479b7da066671bd7c64aa152c5a615f368916311f5879840e083fb7a14555d304aea5e059c079aaa9c809
-DIST ngx_http_auth_pam-1.3.tar.gz 6363 SHA256 199dff5d11fbb3b6ddf9c8a60cc141970125a3f8e7a06f245e3175e93ca947e3 SHA512 3c86f709397dfd3edbd98f729193cb7b61895777d02244f1cf255ba5e4cd8e7bcb5bf537bf3d1086a513e46f117fdcb7610d7085dead35f5d36f74b5b3864ef8 WHIRLPOOL fc5b42a6a1143e9d3845e1470caa7bd60cf8e5a01e0dd53925fbf76cba072add024d24e4f926d3d0b3e27eccf5faa839b05f2549144beac6ffc43614b7ca5b19
DIST ngx_http_auth_pam-1.4.tar.gz 6502 SHA256 095742c5bcb86f2431e215db785bdeb238d594f085a0ac00d16125876a157409 SHA512 8d60347c666736ef39161b287ad32820ad6be4695f1c0f27a000d46bfc7e26c95233247d39cf37296518a6329ba73f06756d0b0b68157b0e5f67796f73264db3 WHIRLPOOL 2f0e60366cf43727c9b3aa07d2cb803a997cb9a4f48ba28e575f470bbb7c28115f41d390e306219ad130501a62e204d403bbca5ee784628fbca35b407f51702c
-DIST ngx_http_cache_purge-2.1.tar.gz 10535 SHA256 424005af0c04e59ffa65a65e446081d4f95ee76a801a7555e001c67810bcb3b9 SHA512 1b70b2c35601949edd53d55922e81425aef0b2c486b071c2bcf53db7c5278e55966ffd2c9e32f599ee63e147a395e708d442515fe414f39b323d26722324db8b WHIRLPOOL f020841139988ae516969ffcd5bf7b2c264749fef5c20a5c8f0cca70f5eddcd3efcb3676bbe9a4550535de7b53fcd7326294fcae2a14dc6bf66d1ab77205b83f
DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
-DIST ngx_http_echo-0.56.tar.gz 65109 SHA256 99027e63f5e625f28fedd163b9d18f29382ea55f079a9b7a2f16beed6a1d3ddf SHA512 4f6e87878564dddfa0e1d62414a7bbcf0726a01b7b53bc0b4be891658c39b85125fab4bb68ba7293d44c66c3ce5b967f289cf83628b2d78e9f3c01f5bcc37b75 WHIRLPOOL b5677d8133a0ad4c395479cfc29bc0b2cfb9362b55e4b27f20683beeace4830e6a0764a140a8f7dc518406769cda0f7a15cb340b2442a9c500a8e7c00fa0279a
DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
-DIST ngx_http_fancyindex-0.3.4.tar.gz 14275 SHA256 d7a84e66b3b3571e6a7e2531d00767f4354f85ce2f281d532ace2bcc35035f8b SHA512 a8a78f83f34c910e0959b04f45ba897f0c84f2a3f36d1c36cd32a8e2a5d9e53f2d0f30cf6a99ffd76edc6179cb70561984745943ec05cca10bdda7ed29c8bfe4 WHIRLPOOL eaafe4a95eed6f43efed354978040c0856ca5819ed0b141637aee0b1c0aafcf2cc205b130f0ca4de39b224dbfb7083c158a4388768fa2515890e227a43245474
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
-DIST ngx_http_headers_more-0.25-r1.tar.gz 27973 SHA256 1473f96f59dcec9d83ce65d691559993c1f80da8c0a4c0c0a30dae9f969eeabf SHA512 1a03e72ac5847b0eeada0ba1e5d5872399dd636db6aa54d10c9e53d96f4b5be4c785bf9117991d27ed558532fe9ce95d6f6c63f94f5b83350f5ea14a60c03aaf WHIRLPOOL 03a7e21814a05644bd1a459bc7b0b26dee0d4ec6ae81f4677f631fa1e4c52c679b651341d673319c6469adcf0ad8e29db58065f542e5907729a609edb6e633f4
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_lua-0.9.12.tar.gz 512403 SHA256 e85c1924ca4670d5708b58efcd6e77793c43f243317a9850a112964067f63150 SHA512 c08546c074570408f646fc7ee60e60d732763a91f10b652858d95de070bd0dd4f0d4117114fc4b46d0f32cff88b21db5f394c3fbb2d2e5f1494fc01eedb782e4 WHIRLPOOL 2223bacff56b4ef942372e4eac3b1a02f21952804b0df6c626456ac2b6894ea068b704606f8a25c47de7887e97577a771fca6ce31d7288992f6f28eb0be27022
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
-DIST ngx_http_push_stream-0.4.0.tar.gz 165341 SHA256 4662cb5680e8dada55ada47b91ef563dd0322f94d775bf1c09e90d83d12c33a6 SHA512 45e68b75f6156df73b2c45d68a9b471560459eb608203b554ecbfcbef6923e4710c92aaefb6a7f8c1d90c7dbf31f4fcc59802d0e8f5c29418be52acad0073c02 WHIRLPOOL 15f2bfa1f9b56005559b8122ce047166e48f0428677401df0b41bcbb52daa6f176c4527b02e145aec9cd3d2fa48c12bb17bc0fce2d04bd7c223b4c5ca91253a0
DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d94c0b43e1265df7fd0f1eba11a337c1e0a626 SHA512 b996c6fe48b97540d1ee9879f37aca1a4c8262ad7577d607d402a00d79f5d32676f010da303f89db18e6f90351b8bb5cf0265338cc5df8154e94d5f332a227c8 WHIRLPOOL aacf93841af0384b2be1d4075ceb23e67b89a4cac0a06fe40e2efd5f0334309ccc83e29014c9746dda9e6b59df0866f0a796c0a9dc9d14e2625a11c019c8e79d
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
-DIST ngx_http_upstream_check-0.1.9.tar.gz 116307 SHA256 b3bb240fb236ba9ae3e807de0f69aa0804d100496c1063a523b29a184e438562 SHA512 b50c15aa311e38101d9b4f6178684a43abcfa66d0483dbf62b3dc5b595d85f59b52a4f564a5f35c54966042074598fef0fc59635ea38c064ec0e8921d9c3229d WHIRLPOOL f878e4833d445a75076455aba34f85a23c0377d922d9ff3d542f887379730e127e969fe3108cd476279d7ff1aa396f686e9e7b8594fb38eb2ea36d3d928602e6
DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
-DIST ngx_rtmp-1.1.6.tar.gz 519666 SHA256 4039d1e7febd93188f729b594772d04d8a1137b2e90b12fa53bb061f200add87 SHA512 6db0cc5a3cff600a836483f9cc4ff76860e9c893167561ad818cb41e2eb4fa31af8a4213e42c7c5766e389aed0ad713cffe776aa4bc4ebf279dd63eb65d4162c WHIRLPOOL f23860df6df0de87aa7d65f2411ea7104e635e5b13987853599a06c064b93229c8a900dca84b983e0dcabac96c8918889932cd303836a3cab4ac7c6d7c2a0b10
DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5
diff --git a/www-servers/nginx/nginx-1.7.12.ebuild b/www-servers/nginx/nginx-1.7.12.ebuild
deleted file mode 100644
index 19f51b6..0000000
--- a/www-servers/nginx/nginx-1.7.12.ebuild
+++ /dev/null
@@ -1,683 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.57"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.4.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# ajp-module (https://github.com/yaoweibin/nginx_ajp_module, BSD-2)
-HTTP_AJP_MODULE_PV="0.3.0"
-HTTP_AJP_MODULE_P="ngx_http_ajp_module-${HTTP_AJP_MODULE_PV}"
-HTTP_AJP_MODULE_URI="https://github.com/yaoweibin/nginx_ajp_module/archive/v${HTTP_AJP_MODULE_PV}.tar.gz"
-HTTP_AJP_MODULE_WD="${WORKDIR}/nginx_ajp_module-${HTTP_AJP_MODULE_PV}"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_ajp? ( ${HTTP_AJP_MODULE_URI} -> ${HTTP_AJP_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
-"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-}
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}"/check_1.7.2+.patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_ajp; then
- pushd "${HTTP_AJP_MODULE_WD}" > /dev/null
- epatch "${FILESDIR}"/AJP-nginx-1.7.9+.patch
- popd > /dev/null
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- epatch_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf= http_enabled= mail_enabled=
-
- use aio && myconf+=" --with-file-aio --with-aio_module"
- use debug && myconf+=" --with-debug"
- use ipv6 && myconf+=" --with-ipv6"
- use libatomic && myconf+=" --with-libatomic"
- use pcre && myconf+=" --with-pcre"
- use pcre-jit && myconf+=" --with-pcre-jit"
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=" --without-http_${mod}_module"
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=" --with-http_${mod}_module"
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=" --with-http_realip_module"
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
- myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=" --add-module=${RTMP_MODULE_WD}"
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
- fi
-
- if use nginx_modules_http_ajp ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_AJP_MODULE_WD}"
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
- fi
-
- if use http || use http-cache; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=" --without-http-cache"
- use ssl && myconf+=" --with-http_ssl_module"
- else
- myconf+=" --without-http --without-http-cache"
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=" --without-mail_${mod}_module"
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=" --with-mail"
- use ssl && myconf+=" --with-mail_ssl_module"
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=" --add-module=${mod}"
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=" --user=${PN} --group=${PN}"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- ${myconf} || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
-# README.md is still empty
-# if use nginx_modules_http_metrics; then
-# docinto ${HTTP_METRICS_MODULE_P}
-# dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
-# fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_ajp; then
- docinto ${HTTP_AJP_MODULE_P}
- dodoc "${HTTP_AJP_MODULE_WD}"/README
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
diff --git a/www-servers/nginx/nginx-1.7.6.ebuild b/www-servers/nginx/nginx-1.7.6.ebuild
deleted file mode 100644
index 9829452..0000000
--- a/www-servers/nginx/nginx-1.7.6.ebuild
+++ /dev/null
@@ -1,681 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.25"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}-r1"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.1"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/chaoslawful/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.12"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/chaoslawful/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.3"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="http://web.iti.upv.es/~sto/nginx/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}.tgz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.1.9"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.6"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.56"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.8.0"
-HTTP_SECURITY_MODULE_P="modsecurity-apache_${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.4.0"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# ajp-module (https://github.com/yaoweibin/nginx_ajp_module, BSD-2)
-HTTP_AJP_MODULE_PV="0.3.0"
-HTTP_AJP_MODULE_P="ngx_http_ajp_module-${HTTP_AJP_MODULE_PV}"
-HTTP_AJP_MODULE_URI="https://github.com/yaoweibin/nginx_ajp_module/archive/v${HTTP_AJP_MODULE_PV}.tar.gz"
-HTTP_AJP_MODULE_WD="${WORKDIR}/nginx_ajp_module-${HTTP_AJP_MODULE_PV}"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_ajp? ( ${HTTP_AJP_MODULE_URI} -> ${HTTP_AJP_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
-"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-}
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}"/check_1.7.2+.patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config"
- # fix for nginx 1.7.5
- cd "${HTTP_LUA_MODULE_WD}"
- epatch "${FILESDIR}/lua-${P}.patch"
- cd "${S}"
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- epatch_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf= http_enabled= mail_enabled=
-
- use aio && myconf+=" --with-file-aio --with-aio_module"
- use debug && myconf+=" --with-debug"
- use ipv6 && myconf+=" --with-ipv6"
- use libatomic && myconf+=" --with-libatomic"
- use pcre && myconf+=" --with-pcre"
- use pcre-jit && myconf+=" --with-pcre-jit"
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=" --without-http_${mod}_module"
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=" --with-http_${mod}_module"
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=" --with-http_realip_module"
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
- myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=" --add-module=${RTMP_MODULE_WD}"
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
- fi
-
- if use nginx_modules_http_ajp ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_AJP_MODULE_WD}"
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
- fi
-
- if use http || use http-cache; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=" --without-http-cache"
- use ssl && myconf+=" --with-http_ssl_module"
- else
- myconf+=" --without-http --without-http-cache"
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=" --without-mail_${mod}_module"
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=" --with-mail"
- use ssl && myconf+=" --with-mail_ssl_module"
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=" --add-module=${mod}"
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=" --user=${PN} --group=${PN}"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/uwsgi \
- ${myconf} || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- einstall DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
-# README.md is still empty
-# if use nginx_modules_http_metrics; then
-# docinto ${HTTP_METRICS_MODULE_P}
-# dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
-# fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_ajp; then
- docinto ${HTTP_AJP_MODULE_P}
- dodoc "${HTTP_AJP_MODULE_WD}"/README
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}/${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-10-15 22:08 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-10-15 22:08 UTC (permalink / raw
To: gentoo-commits
commit: 2172df82f3653863fea6d7e05bf5d3b8aa863c0f
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 15 22:07:40 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Oct 15 22:07:40 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2172df82
www-servers/nginx: Version bump
Package-Manager: portage-2.2.23
www-servers/nginx/Manifest | 3 +
www-servers/nginx/metadata.xml | 1 +
www-servers/nginx/nginx-1.9.5.ebuild | 695 +++++++++++++++++++++++++++++++++++
3 files changed, 699 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1959e79..5df8315 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386d
DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
+DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -13,9 +14,11 @@ DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df30
DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
+DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
+DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d94c0b43e1265df7fd0f1eba11a337c1e0a626 SHA512 b996c6fe48b97540d1ee9879f37aca1a4c8262ad7577d607d402a00d79f5d32676f010da303f89db18e6f90351b8bb5cf0265338cc5df8154e94d5f332a227c8 WHIRLPOOL aacf93841af0384b2be1d4075ceb23e67b89a4cac0a06fe40e2efd5f0334309ccc83e29014c9746dda9e6b59df0866f0a796c0a9dc9d14e2625a11c019c8e79d
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index d391454..1ecde8f 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -14,6 +14,7 @@
<use>
<flag name="aio">Enables file AIO support</flag>
<flag name="http">Enable HTTP core support</flag>
+ <flag name="http2">Enable HTTP2 module support</flag>
<flag name="http-cache">Enable HTTP cache support</flag>
<flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
<flag name="luajit">Use <pkg>dev-lang/luajit</pkg> instead of <pkg>dev-lang/lua</pkg> for lua support when building the lua http module.</flag>
diff --git a/www-servers/nginx/nginx-1.9.5.ebuild b/www-servers/nginx/nginx-1.9.5.ebuild
new file mode 100644
index 0000000..a266b79
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.5.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.261"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.16"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? ( dev-libs/openssl:0= )
+ http2? ( >=dev-libs/openssl-1.0.1c:0= )
+ http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-10-15 22:08 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-10-15 22:08 UTC (permalink / raw
To: gentoo-commits
commit: f7fd9fcda53fcd9ecc1572dca3cdd39a970ae62c
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 15 22:08:26 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Oct 15 22:08:26 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7fd9fcd
www-servers/nginx: Remove old
Package-Manager: portage-2.2.23
www-servers/nginx/Manifest | 2 -
www-servers/nginx/nginx-1.9.2.ebuild | 686 -----------------------------------
www-servers/nginx/nginx-1.9.3.ebuild | 686 -----------------------------------
3 files changed, 1374 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5df8315..74b79b4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,5 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
-DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
-DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
diff --git a/www-servers/nginx/nginx-1.9.2.ebuild b/www-servers/nginx/nginx-1.9.2.ebuild
deleted file mode 100644
index b3fb3e6..0000000
--- a/www-servers/nginx/nginx-1.9.2.ebuild
+++ /dev/null
@@ -1,686 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-${PV}".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
diff --git a/www-servers/nginx/nginx-1.9.3.ebuild b/www-servers/nginx/nginx-1.9.3.ebuild
deleted file mode 100644
index c394e30..0000000
--- a/www-servers/nginx/nginx-1.9.3.ebuild
+++ /dev/null
@@ -1,686 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-10-27 20:12 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-10-27 20:12 UTC (permalink / raw
To: gentoo-commits
commit: f6c4f4374008762f9c1dc4ba3d7218ae7d7e23fa
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 27 20:12:40 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Tue Oct 27 20:12:40 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6c4f437
www-servers/nginx: Version bump
Package-Manager: portage-2.2.23
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.9.6.ebuild | 695 +++++++++++++++++++++++++++++++++++
2 files changed, 697 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 74b79b4..5691b2b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde08
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
+DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -15,6 +16,7 @@ DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae5
DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
+DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
diff --git a/www-servers/nginx/nginx-1.9.6.ebuild b/www-servers/nginx/nginx-1.9.6.ebuild
new file mode 100644
index 0000000..e82d214
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.6.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.261"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.17"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? ( dev-libs/openssl:0= )
+ http2? ( >=dev-libs/openssl-1.0.1c:0= )
+ http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-11-07 12:45 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-11-07 12:45 UTC (permalink / raw
To: gentoo-commits
commit: 4ec7c0997485fe9b4daa33220d8305b16a6ba6bc
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 7 12:45:16 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sat Nov 7 12:45:29 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ec7c099
www-servers/nginx: Remove old
Package-Manager: portage-2.2.24
www-servers/nginx/Manifest | 3 -
www-servers/nginx/nginx-1.9.4.ebuild | 686 ----------------------------------
www-servers/nginx/nginx-1.9.5.ebuild | 695 -----------------------------------
3 files changed, 1384 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5691b2b..de0ed3f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,5 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
-DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
-DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -15,7 +13,6 @@ DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
-DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
diff --git a/www-servers/nginx/nginx-1.9.4.ebuild b/www-servers/nginx/nginx-1.9.4.ebuild
deleted file mode 100644
index 73c2e3b..0000000
--- a/www-servers/nginx/nginx-1.9.4.ebuild
+++ /dev/null
@@ -1,686 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
diff --git a/www-servers/nginx/nginx-1.9.5.ebuild b/www-servers/nginx/nginx-1.9.5.ebuild
deleted file mode 100644
index a266b79..0000000
--- a/www-servers/nginx/nginx-1.9.5.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.261"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http2? ( >=dev-libs/openssl-1.0.1c:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2015-11-19 21:31 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2015-11-19 21:31 UTC (permalink / raw
To: gentoo-commits
commit: 0a9cef65478876b38d509c3a9288358fad72b5cc
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 19 21:31:46 2015 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Nov 19 21:31:46 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a9cef65
www-servers/nginx: Version bump
Package-Manager: portage-2.2.25
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.9.7.ebuild | 695 +++++++++++++++++++++++++++++++++++
2 files changed, 698 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index de0ed3f..563f535 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
+DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -12,8 +13,10 @@ DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
+DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
+DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
diff --git a/www-servers/nginx/nginx-1.9.7.ebuild b/www-servers/nginx/nginx-1.9.7.ebuild
new file mode 100644
index 0000000..f13c837
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.7.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.28"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.19"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? ( dev-libs/openssl:0= )
+ http2? ( >=dev-libs/openssl-1.0.1c:0= )
+ http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-02 19:19 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-02 19:19 UTC (permalink / raw
To: gentoo-commits
commit: 497814c88251e3bf296c7e778560c3cfba8d9120
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 2 19:19:04 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Tue Feb 2 19:19:04 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=497814c8
www-servers/nginx: Version bump
Gentoo-Bug: 573046
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.8.1.ebuild | 667 +++++++++++++++++++++++++++++++++++
2 files changed, 668 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 563f535..85b38ef 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
+DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
new file mode 100644
index 0000000..7fadd31
--- /dev/null
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -0,0 +1,667 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.26"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.53-2"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.57"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.4.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.5"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs"
+
+IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? ( dev-libs/openssl:0= )
+ http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}"/check_1.7.2+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ epatch_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf= http_enabled= mail_enabled=
+
+ use aio && myconf+=" --with-file-aio --with-aio_module"
+ use debug && myconf+=" --with-debug"
+ use ipv6 && myconf+=" --with-ipv6"
+ use libatomic && myconf+=" --with-libatomic"
+ use pcre && myconf+=" --with-pcre"
+ use pcre-jit && myconf+=" --with-pcre-jit"
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=" --without-http_${mod}_module"
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=" --with-http_${mod}_module"
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=" --with-http_realip_module"
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
+ myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=" --add-module=${RTMP_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
+ fi
+
+ if use http || use http-cache; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=" --without-http-cache"
+ use ssl && myconf+=" --with-http_ssl_module"
+ else
+ myconf+=" --without-http --without-http-cache"
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=" --without-mail_${mod}_module"
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=" --with-mail"
+ use ssl && myconf+=" --with-mail_ssl_module"
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=" --add-module=${mod}"
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=" --user=${PN} --group=${PN}"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ ${myconf} || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+# README.md is still empty
+# if use nginx_modules_http_metrics; then
+# docinto ${HTTP_METRICS_MODULE_P}
+# dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
+# fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-02 19:19 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-02 19:19 UTC (permalink / raw
To: gentoo-commits
commit: da4256a89bf28cc909f803e5e4b0a4748f1cda04
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 2 19:19:47 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Tue Feb 2 19:19:47 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da4256a8
www-servers/nginx: Remove old
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 3 -
www-servers/nginx/nginx-1.9.6.ebuild | 695 -----------------------------------
2 files changed, 698 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 85b38ef..9631b07 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -13,10 +12,8 @@ DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df30
DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
-DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
diff --git a/www-servers/nginx/nginx-1.9.6.ebuild b/www-servers/nginx/nginx-1.9.6.ebuild
deleted file mode 100644
index e82d214..0000000
--- a/www-servers/nginx/nginx-1.9.6.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.261"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.17"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http2? ( >=dev-libs/openssl-1.0.1c:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-03 16:53 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2016-02-03 16:53 UTC (permalink / raw
To: gentoo-commits
commit: fda3d5a510f8c6380d5a4e492c75b83c0cc5cb9a
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 3 16:52:55 2016 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Feb 3 16:52:55 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fda3d5a5
www-servers/nginx: amd64 stable wrt bug #573046
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.8.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
index 7fadd31..74737b9 100644
--- a/www-servers/nginx/nginx-1.8.1.ebuild
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -155,7 +155,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-03 16:54 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2016-02-03 16:54 UTC (permalink / raw
To: gentoo-commits
commit: 8ef7fbabc4133dd8f5bb0d6222b6ddedae5ccd94
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 3 16:54:31 2016 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Feb 3 16:54:31 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ef7fbab
www-servers/nginx: x86 stable wrt bug #573046
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.8.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
index 74737b9..e75a805 100644
--- a/www-servers/nginx/nginx-1.8.1.ebuild
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -155,7 +155,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-03 21:13 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-03 21:13 UTC (permalink / raw
To: gentoo-commits
commit: 850bf24442a7f7e43a0b5a5a1c877c6b98128fb2
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 3 21:13:13 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed Feb 3 21:13:13 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=850bf244
www-servers/nginx: Remove old
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.8.0.ebuild | 667 -----------------------------------
2 files changed, 668 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9631b07..bd04b04 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,4 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
-DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
diff --git a/www-servers/nginx/nginx-1.8.0.ebuild b/www-servers/nginx/nginx-1.8.0.ebuild
deleted file mode 100644
index fca2b10..0000000
--- a/www-servers/nginx/nginx-1.8.0.ebuild
+++ /dev/null
@@ -1,667 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.57"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.4.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
-"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-}
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}"/check_1.7.2+.patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- epatch_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf= http_enabled= mail_enabled=
-
- use aio && myconf+=" --with-file-aio --with-aio_module"
- use debug && myconf+=" --with-debug"
- use ipv6 && myconf+=" --with-ipv6"
- use libatomic && myconf+=" --with-libatomic"
- use pcre && myconf+=" --with-pcre"
- use pcre-jit && myconf+=" --with-pcre-jit"
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=" --without-http_${mod}_module"
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=" --with-http_${mod}_module"
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=" --with-http_realip_module"
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
- myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=" --add-module=${RTMP_MODULE_WD}"
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
- fi
-
- if use http || use http-cache; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=" --without-http-cache"
- use ssl && myconf+=" --with-http_ssl_module"
- else
- myconf+=" --without-http --without-http-cache"
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=" --without-mail_${mod}_module"
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=" --with-mail"
- use ssl && myconf+=" --with-mail_ssl_module"
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=" --add-module=${mod}"
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=" --user=${PN} --group=${PN}"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- ${myconf} || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
-# README.md is still empty
-# if use nginx_modules_http_metrics; then
-# docinto ${HTTP_METRICS_MODULE_P}
-# dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
-# fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-03 21:49 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-03 21:49 UTC (permalink / raw
To: gentoo-commits
commit: f9987f337ea7cf08ada9dc9028a0a4d2de708a66
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 3 21:48:30 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed Feb 3 21:48:30 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9987f33
www-servers/nginx: Version bump
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.9.10.ebuild | 695 ++++++++++++++++++++++++++++++++++
2 files changed, 696 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index bd04b04..570f2b5 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
+DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
diff --git a/www-servers/nginx/nginx-1.9.10.ebuild b/www-servers/nginx/nginx-1.9.10.ebuild
new file mode 100644
index 0000000..6c88b32
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.10.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.28"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.19"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? ( dev-libs/openssl:0= )
+ http2? ( >=dev-libs/openssl-1.0.1c:0= )
+ http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-03 21:49 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-03 21:49 UTC (permalink / raw
To: gentoo-commits
commit: a7eeee6e1ea7e9086bafd5fb4dea24b3d7828d22
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 3 21:49:03 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed Feb 3 21:49:03 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7eeee6e
www-servers/nginx: Remove vulnerable
Gentoo-Bugs: 573046
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.9.7.ebuild | 695 -----------------------------------
2 files changed, 696 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 570f2b5..d1766ab 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
-DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
diff --git a/www-servers/nginx/nginx-1.9.7.ebuild b/www-servers/nginx/nginx-1.9.7.ebuild
deleted file mode 100644
index f13c837..0000000
--- a/www-servers/nginx/nginx-1.9.7.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.28"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.19"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http2? ( >=dev-libs/openssl-1.0.1c:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-06 14:59 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-06 14:59 UTC (permalink / raw
To: gentoo-commits
commit: 36b28f5aeb2c1684a2f9346abfecb77c03f21a83
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 6 14:58:59 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sat Feb 6 14:58:59 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b28f5a
www-servers/nginx: Fix typo in configure option
Package-Manager: portage-2.2.27
www-servers/nginx/nginx-1.9.10-r2.ebuild | 758 +++++++++++++++++++++++++++++++
1 file changed, 758 insertions(+)
diff --git a/www-servers/nginx/nginx-1.9.10-r2.ebuild b/www-servers/nginx/nginx-1.9.10-r2.ebuild
new file mode 100644
index 0000000..04ab250
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.10-r2.ebuild
@@ -0,0 +1,758 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.0"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi slice ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${stream}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-06 15:31 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-06 15:31 UTC (permalink / raw
To: gentoo-commits
commit: cd04ea1d698e2596af0004fed7a79d6cb7ab1e1b
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 6 14:59:35 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sat Feb 6 15:30:59 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd04ea1d
www-servers/nginx: Remove old
Package-Manager: portage-2.2.27
www-servers/nginx/nginx-1.9.10-r1.ebuild | 758 -------------------------------
1 file changed, 758 deletions(-)
diff --git a/www-servers/nginx/nginx-1.9.10-r1.ebuild b/www-servers/nginx/nginx-1.9.10-r1.ebuild
deleted file mode 100644
index 2d4504b..0000000
--- a/www-servers/nginx/nginx-1.9.10-r1.ebuild
+++ /dev/null
@@ -1,758 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.0"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi slice ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without_stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without_stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-07 22:04 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-07 22:04 UTC (permalink / raw
To: gentoo-commits
commit: c5f0fdc2a17f1b71a335566578476f3cd0aefa35
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 7 22:03:55 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Feb 7 22:03:55 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5f0fdc2
www-servers/nginx: Remove old
Package-Manager: portage-2.2.27
www-servers/nginx/nginx-1.9.10-r2.ebuild | 758 -------------------------------
1 file changed, 758 deletions(-)
diff --git a/www-servers/nginx/nginx-1.9.10-r2.ebuild b/www-servers/nginx/nginx-1.9.10-r2.ebuild
deleted file mode 100644
index 04ab250..0000000
--- a/www-servers/nginx/nginx-1.9.10-r2.ebuild
+++ /dev/null
@@ -1,758 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.0"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi slice ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-02-07 22:04 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-02-07 22:04 UTC (permalink / raw
To: gentoo-commits
commit: afb81059af090c6385646e141d293db9b07ae4dc
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 7 22:03:13 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Feb 7 22:03:13 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afb81059
www-servers/nginx: Fix build without slice module
Gentoo-Bug: 574020
Thanks to: Thomas D. <whissi <AT> whissi.de>
Package-Manager: portage-2.2.27
www-servers/nginx/nginx-1.9.10-r3.ebuild | 758 +++++++++++++++++++++++++++++++
1 file changed, 758 insertions(+)
diff --git a/www-servers/nginx/nginx-1.9.10-r3.ebuild b/www-servers/nginx/nginx-1.9.10-r3.ebuild
new file mode 100644
index 0000000..fe091e7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.10-r3.ebuild
@@ -0,0 +1,758 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.0"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ epatch_user
+
+ epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ epatch "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${stream}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-03-02 16:17 Jason Donenfeld
0 siblings, 0 replies; 277+ messages in thread
From: Jason Donenfeld @ 2016-03-02 16:17 UTC (permalink / raw
To: gentoo-commits
commit: 32ee5097ff7733026c9ff096f35ef9b384e17d8b
Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 2 16:17:09 2016 +0000
Commit: Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Wed Mar 2 16:17:09 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32ee5097
www-servers/nginx: work with libressl
www-servers/nginx/nginx-1.9.10-r3.ebuild | 3 +++
1 file changed, 3 insertions(+)
diff --git a/www-servers/nginx/nginx-1.9.10-r3.ebuild b/www-servers/nginx/nginx-1.9.10-r3.ebuild
index fe091e7..8aff379 100644
--- a/www-servers/nginx/nginx-1.9.10-r3.ebuild
+++ b/www-servers/nginx/nginx-1.9.10-r3.ebuild
@@ -138,6 +138,9 @@ HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-03-03 7:44 Patrice Clement
0 siblings, 0 replies; 277+ messages in thread
From: Patrice Clement @ 2016-03-03 7:44 UTC (permalink / raw
To: gentoo-commits
commit: 8e6af817cbe843501cf4c99dbb9b911aa5ce163e
Author: Thomas D <whissi <AT> whissi <DOT> de>
AuthorDate: Wed Mar 2 00:32:26 2016 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Wed Mar 2 00:32:26 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e6af817
www-servers/nginx: Bump to v1.9.12 (#574342)
Changes:
- Bumped to EAPI=6
- nginx_modules_http_fancyindex bumped to v0.3.6
- nginx_modules_http_lua bumped to v0.10.1rc1
- nginx_modules_http_auth_ldap bumped to 8517bb05ecc896b54429ca5e95137b0a386bd41a
Bug: https://bugs.gentoo.org/show_bug.cgi?id=574342
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 4 +
www-servers/nginx/nginx-1.9.12.ebuild | 758 ++++++++++++++++++++++++++++++++++
2 files changed, 762 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 87bb5d0..3888afd 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,8 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
+DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
+DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
DIST nginx-auth-ldap-d0f2f829f708792ee97a9241c9c6ffd33c47c7c1.tar.gz 16349 SHA256 7c1628d7e6ebb3a41ec916334014b74acc32dd09a0830752a2d03be0be3223c8 SHA512 2929f2b1170eef0ede4888beb8d5c0d0d45095fc1a3358dbe81b55bfc7468e53b981b1784a5fb9257a5888645d5fc3ae4fab950e6b4525f6dd0bb4d96076f0f6 WHIRLPOOL 626d88396af16373622532a349a2f21418191ad4073bb4b56980cbc5f219e40cee8786f5233ced2d7c5de698537d5337698ecc4a49181c960fbd0ac4a4ab14be
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -11,10 +13,12 @@ DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5
DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
+DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
DIST ngx_http_lua-0.10.0.tar.gz 569372 SHA256 cf31c64b107a54999fdf8b68e8b8d52d88a3c95d9307417f049c32c5687ed780 SHA512 8d1b07a040368e236a3473c5e9ed7aac6867743c08b57ffe7c708806ccee87e6dfca5412f37753f2576ca7a518acbd06fa0fd573c75e864c6bcfbed160f7221e WHIRLPOOL ec541230caf172802fb200fe11a185879a5c533cd41c3e3ba56b441aa4f82e2101f27156e8a17cda97960cc6ffa8814dc1005e7f1f8e4f7f86f0b847ed25220a
+DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
diff --git a/www-servers/nginx/nginx-1.9.12.ebuild b/www-servers/nginx/nginx-1.9.12.ebuild
new file mode 100644
index 0000000..83a0713
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.12.ebuild
@@ -0,0 +1,758 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.1rc1"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${stream}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-03-03 10:35 Jason Donenfeld
0 siblings, 0 replies; 277+ messages in thread
From: Jason Donenfeld @ 2016-03-03 10:35 UTC (permalink / raw
To: gentoo-commits
commit: 0f91d5ac7023e7f4e1124e65344845a378c6c056
Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 3 10:35:10 2016 +0000
Commit: Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Thu Mar 3 10:35:10 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f91d5ac
www-servers/nginx: Support libressl
Package-Manager: portage-2.2.27
www-servers/nginx/nginx-1.9.12.ebuild | 3 +++
1 file changed, 3 insertions(+)
diff --git a/www-servers/nginx/nginx-1.9.12.ebuild b/www-servers/nginx/nginx-1.9.12.ebuild
index 83a0713..0892a61 100644
--- a/www-servers/nginx/nginx-1.9.12.ebuild
+++ b/www-servers/nginx/nginx-1.9.12.ebuild
@@ -138,6 +138,9 @@ HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-03-06 17:21 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-03-06 17:21 UTC (permalink / raw
To: gentoo-commits
commit: d350f1eab42a00fd7930ffc59bb9120d42e56f46
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 6 17:21:34 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Mar 6 17:21:34 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d350f1ea
www-servers/nginx: Remove old
Package-Manager: portage-2.2.27
www-servers/nginx/Manifest | 5 -
www-servers/nginx/nginx-1.9.10-r3.ebuild | 761 -------------------------------
www-servers/nginx/nginx-1.9.10.ebuild | 695 ----------------------------
3 files changed, 1461 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 3888afd..b0dd032 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,9 +1,7 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
-DIST nginx-auth-ldap-d0f2f829f708792ee97a9241c9c6ffd33c47c7c1.tar.gz 16349 SHA256 7c1628d7e6ebb3a41ec916334014b74acc32dd09a0830752a2d03be0be3223c8 SHA512 2929f2b1170eef0ede4888beb8d5c0d0d45095fc1a3358dbe81b55bfc7468e53b981b1784a5fb9257a5888645d5fc3ae4fab950e6b4525f6dd0bb4d96076f0f6 WHIRLPOOL 626d88396af16373622532a349a2f21418191ad4073bb4b56980cbc5f219e40cee8786f5233ced2d7c5de698537d5337698ecc4a49181c960fbd0ac4a4ab14be
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -15,12 +13,9 @@ DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
-DIST ngx_http_lua-0.10.0.tar.gz 569372 SHA256 cf31c64b107a54999fdf8b68e8b8d52d88a3c95d9307417f049c32c5687ed780 SHA512 8d1b07a040368e236a3473c5e9ed7aac6867743c08b57ffe7c708806ccee87e6dfca5412f37753f2576ca7a518acbd06fa0fd573c75e864c6bcfbed160f7221e WHIRLPOOL ec541230caf172802fb200fe11a185879a5c533cd41c3e3ba56b441aa4f82e2101f27156e8a17cda97960cc6ffa8814dc1005e7f1f8e4f7f86f0b847ed25220a
DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
-DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
diff --git a/www-servers/nginx/nginx-1.9.10-r3.ebuild b/www-servers/nginx/nginx-1.9.10-r3.ebuild
deleted file mode 100644
index 8aff379..0000000
--- a/www-servers/nginx/nginx-1.9.10-r3.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.0"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
diff --git a/www-servers/nginx/nginx-1.9.10.ebuild b/www-servers/nginx/nginx-1.9.10.ebuild
deleted file mode 100644
index 6c88b32..0000000
--- a/www-servers/nginx/nginx-1.9.10.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.28"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.19"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? ( dev-libs/openssl:0= )
- http2? ( >=dev-libs/openssl-1.0.1c:0= )
- http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- epatch_user
-
- epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- epatch "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-03-31 3:44 Ian Delaney
0 siblings, 0 replies; 277+ messages in thread
From: Ian Delaney @ 2016-03-31 3:44 UTC (permalink / raw
To: gentoo-commits
commit: 06bff878c905f2724e0db044127752b29c6bb7fa
Author: Johan Bergström <bugs <AT> bergstroem <DOT> nu>
AuthorDate: Thu Mar 31 00:57:09 2016 +0000
Commit: Ian Delaney <idella4 <AT> gentoo <DOT> org>
CommitDate: Thu Mar 31 03:44:14 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06bff878
www-servers/nginx: version bump to 1.9.13
Update 3rd party modules:
- lua
- modsecurity
Upstream changes: http://nginx.org/en/CHANGES
Closes: https://github.com/gentoo/gentoo/pull/1169
Signed-off-by: Ian Delaney <idella4 <AT> gentoo.org>
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.9.13.ebuild | 761 ++++++++++++++++++++++++++++++++++
2 files changed, 764 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b0dd032..62b07fd 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,8 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
+DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
+DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -15,6 +17,7 @@ DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b1
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
+DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
diff --git a/www-servers/nginx/nginx-1.9.13.ebuild b/www-servers/nginx/nginx-1.9.13.ebuild
new file mode 100644
index 0000000..7b03064
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.13.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.2"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${stream}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-04-10 0:43 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-04-10 0:43 UTC (permalink / raw
To: gentoo-commits
commit: 9baaf1c4d0afdf68cb2789a6c0a00da71fe015e6
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 10 00:43:16 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Apr 10 00:43:16 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9baaf1c4
www-servers/nginx: Version bump to 1.9.14
Package-Manager: portage-2.2.28
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.9.14.ebuild | 761 ++++++++++++++++++++++++++++++++++
2 files changed, 763 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 62b07fd..67f8139 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,11 +3,13 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
+DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
DIST ngx_http_auth_pam-1.4.tar.gz 6502 SHA256 095742c5bcb86f2431e215db785bdeb238d594f085a0ac00d16125876a157409 SHA512 8d60347c666736ef39161b287ad32820ad6be4695f1c0f27a000d46bfc7e26c95233247d39cf37296518a6329ba73f06756d0b0b68157b0e5f67796f73264db3 WHIRLPOOL 2f0e60366cf43727c9b3aa07d2cb803a997cb9a4f48ba28e575f470bbb7c28115f41d390e306219ad130501a62e204d403bbca5ee784628fbca35b407f51702c
+DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca4470223e3a00d287d17c0dbdc9a114a685b6e7 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261 WHIRLPOOL 4fcaadee859f325c734aa16763702ee40284d1debcfbf5df1cb9aadf2bfc72c1e8d0e5b9d1495f34fc719f4d7fa3e653797fa7917f8fd0437fa2023a1930f667
DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
diff --git a/www-servers/nginx/nginx-1.9.14.ebuild b/www-servers/nginx/nginx-1.9.14.ebuild
new file mode 100644
index 0000000..1196931
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.14.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.2"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${stream}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-04-24 16:03 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-04-24 16:03 UTC (permalink / raw
To: gentoo-commits
commit: 73f6732e4e32cbdbad3519d7b0e5f2cd75c0be10
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 24 16:02:52 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Apr 24 16:02:52 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73f6732e
www-servers/nginx: Version bump to 1.9.15
Package-Manager: portage-2.2.28
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.9.15.ebuild | 761 ++++++++++++++++++++++++++++++++++
2 files changed, 762 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 67f8139..a3279ee 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d
DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
+DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
diff --git a/www-servers/nginx/nginx-1.9.15.ebuild b/www-servers/nginx/nginx-1.9.15.ebuild
new file mode 100644
index 0000000..1196931
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.15.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.2"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_ajp; then
+ eerror "The AJP module currently doesn't build for nginx >1.8."
+ eerror "It will be reintroduced with the 1.9 series when proven stable."
+ eerror "Either disable it or stick with nginx 1.7.x."
+ die "AJP module not supported"
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}/check-1.9.2".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${stream}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-04-24 18:16 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-04-24 18:16 UTC (permalink / raw
To: gentoo-commits
commit: 8af21e49d6429de0039df27c84685a352f0ce38a
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 24 17:18:39 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Apr 24 18:16:16 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8af21e49
www-servers/nginx: Remove old
Package-Manager: portage-2.2.28
www-servers/nginx/Manifest | 3 -
www-servers/nginx/nginx-1.9.12.ebuild | 761 ----------------------------------
www-servers/nginx/nginx-1.9.13.ebuild | 761 ----------------------------------
3 files changed, 1525 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a3279ee..e29cd6e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,8 +1,6 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
-DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
@@ -19,7 +17,6 @@ DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9
DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
-DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
diff --git a/www-servers/nginx/nginx-1.9.12.ebuild b/www-servers/nginx/nginx-1.9.12.ebuild
deleted file mode 100644
index 0892a61..0000000
--- a/www-servers/nginx/nginx-1.9.12.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.1rc1"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
diff --git a/www-servers/nginx/nginx-1.9.13.ebuild b/www-servers/nginx/nginx-1.9.13.ebuild
deleted file mode 100644
index 7b03064..0000000
--- a/www-servers/nginx/nginx-1.9.13.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-05-04 14:19 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-05-04 14:19 UTC (permalink / raw
To: gentoo-commits
commit: 18052d2432f8bdfd67092a09b5bb27702ef8763c
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed May 4 14:18:32 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed May 4 14:18:50 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18052d24
www-servers/nginx: Fix blocker
Package-Manager: portage-2.2.28
www-servers/nginx/nginx-1.10.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
index cc19cc7..159f891 100644
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ b/www-servers/nginx/nginx-1.10.0.ebuild
@@ -269,7 +269,7 @@ CDEPEND="
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
+ !www-servers/nginx:mainline"
DEPEND="${CDEPEND}
arm? ( dev-libs/libatomic_ops )
libatomic? ( dev-libs/libatomic_ops )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-05-04 14:19 Manuel Rüger
0 siblings, 0 replies; 277+ messages in thread
From: Manuel Rüger @ 2016-05-04 14:19 UTC (permalink / raw
To: gentoo-commits
commit: df2b27ea2f3e0d092290dd93cd007e3252779734
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed May 4 14:19:47 2016 +0000
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed May 4 14:19:47 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df2b27ea
www-servers/nginx: Remove old
Package-Manager: portage-2.2.28
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.9.14.ebuild | 761 ----------------------------------
2 files changed, 762 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 0c541fc..26d2866 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,7 +2,6 @@ DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde08
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.10.0.tar.gz 908954 SHA256 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d SHA512 495da729ce6de935399c2bf7fc0c2cd112197d9dba6d8604f639d5815cbb8bb3ff70e994f942785481e064cc1df97211f886297ee72519b332a7197999d9f14e WHIRLPOOL 889e723f635909d1b562663ed46b27edac83b63143c10c2c53e70dc6dccf3a378f8fef3f2f19641879dc9f812880b4f51ef0d438d80ede395ffda38987b13dd3
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
diff --git a/www-servers/nginx/nginx-1.9.14.ebuild b/www-servers/nginx/nginx-1.9.14.ebuild
deleted file mode 100644
index 1196931..0000000
--- a/www-servers/nginx/nginx-1.9.14.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-05-07 22:34 Patrice Clement
0 siblings, 0 replies; 277+ messages in thread
From: Patrice Clement @ 2016-05-07 22:34 UTC (permalink / raw
To: gentoo-commits
commit: d4933e328ca43fbc4a09343fe8ecbacad1dbee6e
Author: everpcpc <git <AT> everpcpc <DOT> com>
AuthorDate: Fri May 6 13:15:04 2016 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sat May 7 22:19:19 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4933e32
www-servers/nginx: Fix typo for using stream upstream module
Closes: https://github.com/gentoo/gentoo/pull/1421
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
www-servers/nginx/nginx-1.10.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
index ef851c4..2058354 100644
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ b/www-servers/nginx/nginx-1.10.0.ebuild
@@ -529,7 +529,7 @@ src_configure() {
myconf+=( --without-stream_upstream_least_conn_module )
myconf+=( --without-stream_upstream_zone_module )
else
- myconf+=( --without-stream_${stream}_module )
+ myconf+=( --without-stream_${mod}_module )
fi
fi
done
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-06-11 15:48 Kristian Fiskerstrand
0 siblings, 0 replies; 277+ messages in thread
From: Kristian Fiskerstrand @ 2016-06-11 15:48 UTC (permalink / raw
To: gentoo-commits
commit: e11826d4e2abd587b5324528c50c0ddc17c3da69
Author: Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Sat Jun 11 15:16:14 2016 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 15:48:11 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e11826d4
www-servers/nginx: Security cleanup
Gentoo-Bug: 584744
Package-Manager: portage-2.3.0_rc1
www-servers/nginx/Manifest | 9 -
www-servers/nginx/nginx-1.10.0.ebuild | 761 ----------------------------------
www-servers/nginx/nginx-1.9.15.ebuild | 761 ----------------------------------
3 files changed, 1531 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index aea8b5f..f9608ef 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,11 +1,8 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
-DIST nginx-1.10.0.tar.gz 908954 SHA256 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d SHA512 495da729ce6de935399c2bf7fc0c2cd112197d9dba6d8604f639d5815cbb8bb3ff70e994f942785481e064cc1df97211f886297ee72519b332a7197999d9f14e WHIRLPOOL 889e723f635909d1b562663ed46b27edac83b63143c10c2c53e70dc6dccf3a378f8fef3f2f19641879dc9f812880b4f51ef0d438d80ede395ffda38987b13dd3
DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
DIST nginx-1.11.1.tar.gz 913417 SHA256 5d8dd0197e3ffeb427729c045382182fb28db8e045c635221b2e0e6722821ad0 SHA512 01330a5200b9b5ac5788cd95b2857d2ff87bf0a073a93e3e441b89d19f12137b496e6de67145c04cc74ba88d599a7be96d622f29785e30df23fc8a657adf8b2a WHIRLPOOL e902d408f45eb9168db5a5220275896a072419660505eb45816280f1a2d2150593262d601583d2c34b521fae560fdd237e6609e85bf03a30b7721c10299a207e
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
-DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -16,27 +13,21 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca447022
DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
-DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
DIST ngx_http_echo-0.59.tar.gz 52703 SHA256 9b319ad7836202883128d2b9c24ed818082541df57ef7f2065b7557085c603cd SHA512 803c431da00160f62ee98e126d244fb97b2d9dca08137daabf55504f012598f8e2c689841c2e8bfced5f07ce24c46933c49b3feffc09ca0b5f07dc10e34546ee WHIRLPOOL a709ded0dd1af2b6c1c5da6f065834ab7715eb736f36018acf06c2c10389bf896dc4459acbbb479340b9da6f287143cd25fca7df503acea457cf0933ba67e9a1
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
-DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af4015d3988783016dc9145edebec17c7e230 SHA512 47fd9f405475f96958eb255f9051a9bde1ad8b515356bbaff8f8034ee34ecc17e3574c1d104496c5069c8986e047ca0de386f1b7d2f7317f15be98d69e74b624 WHIRLPOOL 4972eea9f6b8373b4bbcf73c66fe3dc635bc6326f264febc9a5a0fc620d44f1a3d1f98c91c1d2acb6779729a1e188c1f4a8750972266d1e463658529d37fa596
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
-DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
-DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d94c0b43e1265df7fd0f1eba11a337c1e0a626 SHA512 b996c6fe48b97540d1ee9879f37aca1a4c8262ad7577d607d402a00d79f5d32676f010da303f89db18e6f90351b8bb5cf0265338cc5df8154e94d5f332a227c8 WHIRLPOOL aacf93841af0384b2be1d4075ceb23e67b89a4cac0a06fe40e2efd5f0334309ccc83e29014c9746dda9e6b59df0866f0a796c0a9dc9d14e2625a11c019c8e79d
DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
-DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
deleted file mode 100644
index 43a0eac..0000000
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
diff --git a/www-servers/nginx/nginx-1.9.15.ebuild b/www-servers/nginx/nginx-1.9.15.ebuild
deleted file mode 100644
index 1196931..0000000
--- a/www-servers/nginx/nginx-1.9.15.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_ajp
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_ajp; then
- eerror "The AJP module currently doesn't build for nginx >1.8."
- eerror "It will be reintroduced with the 1.9 series when proven stable."
- eerror "Either disable it or stick with nginx 1.7.x."
- die "AJP module not supported"
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}/check-1.9.2".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}"
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
- ./configure \
- --enable-standalone-module \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
- fi
-
- cd "${S}"
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${stream}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 /var/log/nginx ${keepdir_list}
- fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
- # existing installations
- local fix_perms=0
-
- for rv in ${REPLACING_VERSIONS} ; do
- version_compare ${rv} 1.4.1-r2
- [[ $? -eq 1 ]] && fix_perms=1
- done
-
- if [[ $fix_perms -eq 1 ]] ; then
- ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
- ewarn "directories the world-readable bit removed (if set):"
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
- chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
- fi
-
- # If the nginx user can't change into or read the dir, display a warning.
- # If su is not available we display the warning nevertheless since we can't check properly
- su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
- if [ $? -ne 0 ] ; then
- ewarn "Please make sure that the nginx user or group has at least"
- ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
- ewarn "Otherwise you end up with empty log files after a logrotate."
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-06-11 15:48 Kristian Fiskerstrand
0 siblings, 0 replies; 277+ messages in thread
From: Kristian Fiskerstrand @ 2016-06-11 15:48 UTC (permalink / raw
To: gentoo-commits
commit: 9d8b4adb72f5912b8c121bdda6ffee72e08926d7
Author: Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Sat Jun 11 15:14:07 2016 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 15:48:05 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d8b4adb
www-servers/nginx: Version bump
Gentoo-Bug: 584212
Gentoo-Bug: 584744
Package-Manager: portage-2.3.0_rc1
www-servers/nginx/Manifest | 8 +
www-servers/nginx/nginx-1.10.1.ebuild | 754 ++++++++++++++++++++++++++++++++++
www-servers/nginx/nginx-1.11.1.ebuild | 754 ++++++++++++++++++++++++++++++++++
3 files changed, 1516 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8f597c4..aea8b5f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,8 @@
DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.10.0.tar.gz 908954 SHA256 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d SHA512 495da729ce6de935399c2bf7fc0c2cd112197d9dba6d8604f639d5815cbb8bb3ff70e994f942785481e064cc1df97211f886297ee72519b332a7197999d9f14e WHIRLPOOL 889e723f635909d1b562663ed46b27edac83b63143c10c2c53e70dc6dccf3a378f8fef3f2f19641879dc9f812880b4f51ef0d438d80ede395ffda38987b13dd3
+DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
+DIST nginx-1.11.1.tar.gz 913417 SHA256 5d8dd0197e3ffeb427729c045382182fb28db8e045c635221b2e0e6722821ad0 SHA512 01330a5200b9b5ac5788cd95b2857d2ff87bf0a073a93e3e441b89d19f12137b496e6de67145c04cc74ba88d599a7be96d622f29785e30df23fc8a657adf8b2a WHIRLPOOL e902d408f45eb9168db5a5220275896a072419660505eb45816280f1a2d2150593262d601583d2c34b521fae560fdd237e6609e85bf03a30b7721c10299a207e
DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
@@ -8,17 +10,22 @@ DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA25
DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
+DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
DIST ngx_http_auth_pam-1.4.tar.gz 6502 SHA256 095742c5bcb86f2431e215db785bdeb238d594f085a0ac00d16125876a157409 SHA512 8d60347c666736ef39161b287ad32820ad6be4695f1c0f27a000d46bfc7e26c95233247d39cf37296518a6329ba73f06756d0b0b68157b0e5f67796f73264db3 WHIRLPOOL 2f0e60366cf43727c9b3aa07d2cb803a997cb9a4f48ba28e575f470bbb7c28115f41d390e306219ad130501a62e204d403bbca5ee784628fbca35b407f51702c
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca4470223e3a00d287d17c0dbdc9a114a685b6e7 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261 WHIRLPOOL 4fcaadee859f325c734aa16763702ee40284d1debcfbf5df1cb9aadf2bfc72c1e8d0e5b9d1495f34fc719f4d7fa3e653797fa7917f8fd0437fa2023a1930f667
DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
+DIST ngx_http_echo-0.59.tar.gz 52703 SHA256 9b319ad7836202883128d2b9c24ed818082541df57ef7f2065b7557085c603cd SHA512 803c431da00160f62ee98e126d244fb97b2d9dca08137daabf55504f012598f8e2c689841c2e8bfced5f07ce24c46933c49b3feffc09ca0b5f07dc10e34546ee WHIRLPOOL a709ded0dd1af2b6c1c5da6f065834ab7715eb736f36018acf06c2c10389bf896dc4459acbbb479340b9da6f287143cd25fca7df503acea457cf0933ba67e9a1
DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
+DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af4015d3988783016dc9145edebec17c7e230 SHA512 47fd9f405475f96958eb255f9051a9bde1ad8b515356bbaff8f8034ee34ecc17e3574c1d104496c5069c8986e047ca0de386f1b7d2f7317f15be98d69e74b624 WHIRLPOOL 4972eea9f6b8373b4bbcf73c66fe3dc635bc6326f264febc9a5a0fc620d44f1a3d1f98c91c1d2acb6779729a1e188c1f4a8750972266d1e463658529d37fa596
DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
+DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
+DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
@@ -30,6 +37,7 @@ DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77
DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
+DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5
diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
new file mode 100644
index 0000000..94c82d7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -0,0 +1,754 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.30"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.0"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.5"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.59"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
diff --git a/www-servers/nginx/nginx-1.11.1.ebuild b/www-servers/nginx/nginx-1.11.1.ebuild
new file mode 100644
index 0000000..5b4e977
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.1.ebuild
@@ -0,0 +1,754 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.30"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.0"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.5"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.59"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_ajp
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}"
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}"
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN}" "--group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-06-13 12:26 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2016-06-13 12:26 UTC (permalink / raw
To: gentoo-commits
commit: 5966cca7ae7c43ecca6b2596ce7a2f2223e2153a
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 13 12:25:59 2016 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 13 12:25:59 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5966cca7
www-servers/nginx: amd64 stable wrt bug #584744
Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.10.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
index 94c82d7..a592a09 100644
--- a/www-servers/nginx/nginx-1.10.1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-06-13 12:27 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2016-06-13 12:27 UTC (permalink / raw
To: gentoo-commits
commit: 6c84185b7d5bcc3958fd88e37386e02848632eae
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 13 12:26:48 2016 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 13 12:26:48 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c84185b
www-servers/nginx: x86 stable wrt bug #584744
Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.10.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
index a592a09..55ec9b2 100644
--- a/www-servers/nginx/nginx-1.10.1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-07-26 9:51 Lars Wendler
0 siblings, 0 replies; 277+ messages in thread
From: Lars Wendler @ 2016-07-26 9:51 UTC (permalink / raw
To: gentoo-commits
commit: 3f6a2bd81eb91481c2ccc0914773410e97c02e0d
Author: Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Tue Jul 19 23:55:30 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 26 09:51:25 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f6a2bd8
www-servers/nginx: Fix user/group configure argument (bug #588000)
Bug: https://bugs.gentoo.org/588000
Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
www-servers/nginx/nginx-1.10.1-r1.ebuild | 3 ++-
www-servers/nginx/nginx-1.11.2.ebuild | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.10.1-r1.ebuild b/www-servers/nginx/nginx-1.10.1-r1.ebuild
index 5912230..3c59016 100644
--- a/www-servers/nginx/nginx-1.10.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r1.ebuild
@@ -554,7 +554,8 @@ src_configure() {
tc-export CC
if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
fi
./configure \
diff --git a/www-servers/nginx/nginx-1.11.2.ebuild b/www-servers/nginx/nginx-1.11.2.ebuild
index 0a7e068..471bfe0 100644
--- a/www-servers/nginx/nginx-1.11.2.ebuild
+++ b/www-servers/nginx/nginx-1.11.2.ebuild
@@ -560,7 +560,8 @@ src_configure() {
tc-export CC
if ! use prefix; then
- myconf+=( --user=${PN}" "--group=${PN} )
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
fi
./configure \
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-07-26 9:51 Lars Wendler
0 siblings, 0 replies; 277+ messages in thread
From: Lars Wendler @ 2016-07-26 9:51 UTC (permalink / raw
To: gentoo-commits
commit: 241566775da8ad5bb854d98aa84f0bb89757ae0c
Author: Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Wed Jul 20 00:20:06 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 26 09:51:28 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24156677
www-servers/nginx: Drop AJP HTTP module leftovers
Bug: https://bugs.gentoo.org/587844
Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
www-servers/nginx/nginx-1.10.1-r1.ebuild | 1 -
www-servers/nginx/nginx-1.11.2.ebuild | 1 -
2 files changed, 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.10.1-r1.ebuild b/www-servers/nginx/nginx-1.10.1-r1.ebuild
index 3c59016..825a13b 100644
--- a/www-servers/nginx/nginx-1.10.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r1.ebuild
@@ -198,7 +198,6 @@ NGINX_MODULES_3RD="
http_security
http_push_stream
http_sticky
- http_ajp
http_mogilefs
http_memc
http_auth_ldap"
diff --git a/www-servers/nginx/nginx-1.11.2.ebuild b/www-servers/nginx/nginx-1.11.2.ebuild
index 471bfe0..0c5275a 100644
--- a/www-servers/nginx/nginx-1.11.2.ebuild
+++ b/www-servers/nginx/nginx-1.11.2.ebuild
@@ -198,7 +198,6 @@ NGINX_MODULES_3RD="
http_security
http_push_stream
http_sticky
- http_ajp
http_mogilefs
http_memc
http_auth_ldap"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-08-10 20:44 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-08-10 20:44 UTC (permalink / raw
To: gentoo-commits
commit: 62d7ec2d20bd8695fed5fff62cdf31791e60940e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 20:44:04 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 20:44:47 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62d7ec2d
www-servers/nginx: Add myself as maintainer
Package-Manager: portage-2.3.0
www-servers/nginx/metadata.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 6ba5f0f..150cf04 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -6,6 +6,10 @@
<name>Tiziano Müller</name>
</maintainer>
<maintainer type="person">
+ <email>whissi@gentoo.org</email>
+ <name>Thomas Deutschmann</name>
+ </maintainer>
+ <maintainer type="person">
<email>bugs@bergstroem.nu</email>
<name>Johan Bergström</name>
<description>Co-maintainer, CC on bugs.</description>
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-08-15 11:35 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-08-15 11:35 UTC (permalink / raw
To: gentoo-commits
commit: 5075ae78397ebc8e05ba29e7e79cba0e32290eac
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 15 11:27:09 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 15 11:34:53 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5075ae78
www-servers/nginx: Dropping proxy-maintainer project; Rearranging maintainer order
Now that I am a Gentoo developer this package is no longer maintained
through proxy-maintainer project.
Rearranging maintainer order for proper bug assignment.
Package-Manager: portage-2.3.0
www-servers/nginx/metadata.xml | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 150cf04..2721de5 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -2,22 +2,18 @@
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
- <email>dev-zero@gentoo.org</email>
- <name>Tiziano Müller</name>
- </maintainer>
- <maintainer type="person">
<email>whissi@gentoo.org</email>
<name>Thomas Deutschmann</name>
</maintainer>
<maintainer type="person">
+ <email>dev-zero@gentoo.org</email>
+ <name>Tiziano Müller</name>
+ </maintainer>
+ <maintainer type="person">
<email>bugs@bergstroem.nu</email>
<name>Johan Bergström</name>
<description>Co-maintainer, CC on bugs.</description>
</maintainer>
- <maintainer type="project">
- <email>proxy-maint@gentoo.org</email>
- <name>Proxy Maintainers</name>
- </maintainer>
<use>
<flag name="aio">Enables file AIO support</flag>
<flag name="http">Enable HTTP core support</flag>
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-09-03 21:10 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-09-03 21:10 UTC (permalink / raw
To: gentoo-commits
commit: f3c2a26e1f50d245e6f06413b99f9d6102679999
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 3 21:10:29 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Sep 3 21:10:29 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3c2a26e
www-servers/nginx: Revision bump to update 3rd-party modules
- nginx-upload-progress-module v0.9.1 -> v0.9.2
- headers-more-nginx-module v0.30 -> 0.31
- ngx-fancyindex v0.4.0 -> v0.4.1 (bug #592464)
- lua-nginx-module v0.10.5 -> 0.10.6
- nginx-rtmp-module v1.1.8 -> v1.1.9
- echo-nginx-module v0.59 -> 0.60
Gentoo-Bug: https://bugs.gentoo.org/592464
Package-Manager: portage-2.3.0
www-servers/nginx/Manifest | 6 +
www-servers/nginx/nginx-1.11.3-r2.ebuild | 782 +++++++++++++++++++++++++++++++
2 files changed, 788 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index da1e09c..3f50206 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -8,16 +8,22 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca447022
DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
DIST ngx_http_echo-0.59.tar.gz 52703 SHA256 9b319ad7836202883128d2b9c24ed818082541df57ef7f2065b7557085c603cd SHA512 803c431da00160f62ee98e126d244fb97b2d9dca08137daabf55504f012598f8e2c689841c2e8bfced5f07ce24c46933c49b3feffc09ca0b5f07dc10e34546ee WHIRLPOOL a709ded0dd1af2b6c1c5da6f065834ab7715eb736f36018acf06c2c10389bf896dc4459acbbb479340b9da6f287143cd25fca7df503acea457cf0933ba67e9a1
+DIST ngx_http_echo-0.60.tar.gz 52771 SHA256 1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c WHIRLPOOL 8938ac18aae74a5c4806ff3611c243c9bee108ef93fef7b0da284040c2ec2d9a57cb3cad9e3719cb795bbb063176d7afe81b7288ebacf5096d26b16e5ef34da6
DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af4015d3988783016dc9145edebec17c7e230 SHA512 47fd9f405475f96958eb255f9051a9bde1ad8b515356bbaff8f8034ee34ecc17e3574c1d104496c5069c8986e047ca0de386f1b7d2f7317f15be98d69e74b624 WHIRLPOOL 4972eea9f6b8373b4bbcf73c66fe3dc635bc6326f264febc9a5a0fc620d44f1a3d1f98c91c1d2acb6779729a1e188c1f4a8750972266d1e463658529d37fa596
+DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
+DIST ngx_http_headers_more-0.31.tar.gz 27941 SHA256 b2e8162cce2d24861b1ed5bbb30fc51d5215e3f4bb9d01f53fc344904d5911e7 SHA512 bc6b936dff9989af9eb97864e5e9499748ea8c73b2f49a24ad00d2a90bf77d1d743e6789f7bf3948a7baaaa44b0cc9f48a1c8a52bce9902a13c88e1f6673c6e1 WHIRLPOOL 79dd5ecb8eaabf6d81380888b687a962339c93d6bff14c88156782d5846d1121d33e0851ab27b44fb1b9f2035484093327fb92559e655dbdc6362faddb76b5e2
DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
+DIST ngx_http_lua-0.10.6.tar.gz 597217 SHA256 b98c4f648589bbf3e2c3d5fd18664e7a7ef89ac083e96c8e984fa919e7a7c073 SHA512 202aaf39381d151d5f456e5cd61c87b65fa20ece997f7e517a3eb3912af3a153747a674ac004dbcc474728567ff58436cfb408accd5e922d805b1d697c34774c WHIRLPOOL c4fd64114d74afbaba02c3e7bb1c5562281636624a581c6535f6aa310886f766b9cf0e63a8921599c617d411d5ec920e4b08b54588bfac7cf4c24e8ffc13d26b
DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
+DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5
DIST ngx_rtmp-1.1.8.tar.gz 519647 SHA256 de5866111a5b18c9dfb1c10f3a0e84b56af77f7005a41807368f7769b8a50965 SHA512 554249b1b8bb70952a0585dcc5c55c70daa63f2eba5ef35f8b1a4932fdfd6c95b0a48739857ba8dcab08ff1e91d048f3dc43bf65250890fd7a679cdabfed880a WHIRLPOOL a8cd4361419fbae97f199d788078c62ffc442158d0338aa677e5d6d21fb27a336da85e901ee6463ff6b33201092575237d5b6f20a1d80d924ac6591cbb75c9d7
+DIST ngx_rtmp-1.1.9.tar.gz 519807 SHA256 46d914e3ba1f4c2353c1ef01a7423305255cb78226c84fac419586f849b7ea55 SHA512 888c268eb0371649e9bf971462e20472f819946f49ef5e50af97d0590a03df6d37c1fa8016eb7ea81faa0c212c429618d399102f513b029c66226d48e444f70c WHIRLPOOL 94fc496b059549a56338cd51e0bbf9a3b11b10640e1ef83e1e7cdb2845dfecde012e0951003665e02bff4ef45870b78e399d4194997cb082647dbcd638cc9716
diff --git a/www-servers/nginx/nginx-1.11.3-r2.ebuild b/www-servers/nginx/nginx-1.11.3-r2.ebuild
new file mode 100644
index 00000000..883918d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.3-r2.ebuild
@@ -0,0 +1,782 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.9"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+ eapply "${FILESDIR}/${PN}-1.11.3-fix-build-without-stream_ssl_module.patch"
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}" || die
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS}; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+ ewarn "parameter to an empty string per default when you are sourcing the default"
+ ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-09-03 21:35 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-09-03 21:35 UTC (permalink / raw
To: gentoo-commits
commit: f03aacc3dc9a83ef1a9e89aa73eb081f0f36badf
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 3 21:34:08 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Sep 3 21:35:19 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f03aacc3
www-servers/nginx: Bump ebuild of stable slot to update 3rd-party modules
Backport of commit f3c2a26e1f50d245e6f06413b99f9d6102679999 from mainline:
- nginx-upload-progress-module v0.9.1 -> v0.9.2
- headers-more-nginx-module v0.30 -> 0.31
- ngx-fancyindex v0.4.0 -> v0.4.1 (bug #592464)
- lua-nginx-module v0.10.5 -> 0.10.6
- nginx-rtmp-module v1.1.8 -> v1.1.9
- echo-nginx-module v0.59 -> 0.60
Gentoo-Bug: https://bugs.gentoo.org/592464
Package-Manager: portage-2.3.0
www-servers/nginx/nginx-1.10.1-r3.ebuild | 768 +++++++++++++++++++++++++++++++
1 file changed, 768 insertions(+)
diff --git a/www-servers/nginx/nginx-1.10.1-r3.ebuild b/www-servers/nginx/nginx-1.10.1-r3.ebuild
new file mode 100644
index 00000000..fe9f071
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.1-r3.ebuild
@@ -0,0 +1,768 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.9"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}" || die
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS}; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+ ewarn "parameter to an empty string per default when you are sourcing the default"
+ ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-10-12 19:48 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-10-12 19:48 UTC (permalink / raw
To: gentoo-commits
commit: 313dfd88a20fa556e9175fff7fea0eabc97c6c1e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 12 19:38:28 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Oct 12 19:48:06 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=313dfd88
www-servers/nginx: Bump to v1.10.1-r4 stable
Ebuild changes:
===============
- NAXSI updated to v0.55.1
- rtmp module updated to v1.1.10
- LDAP authentication module updated to commit dbcef31b to fix some
segmentation faults
Package-Manager: portage-2.3.2
www-servers/nginx/nginx-1.10.1-r4.ebuild | 768 +++++++++++++++++++++++++++++++
1 file changed, 768 insertions(+)
diff --git a/www-servers/nginx/nginx-1.10.1-r4.ebuild b/www-servers/nginx/nginx-1.10.1-r4.ebuild
new file mode 100644
index 00000000..4e28658
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.1-r4.ebuild
@@ -0,0 +1,768 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+ nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}" || die
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS}; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+ ewarn "parameter to an empty string per default when you are sourcing the default"
+ ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-10-15 19:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-10-15 19:04 UTC (permalink / raw
To: gentoo-commits
commit: c7f5fede92086cd68a6a0e52015c0af3442b4737
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 15 19:03:26 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Oct 15 19:03:58 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7f5fede
www-servers/nginx: Adjust dependencies/slot operators
Package-Manager: portage-2.3.2
www-servers/nginx/nginx-1.10.1-r3.ebuild | 24 ++++++++++++++++--------
www-servers/nginx/nginx-1.10.1-r4.ebuild | 24 ++++++++++++++++--------
www-servers/nginx/nginx-1.10.1.ebuild | 24 ++++++++++++++++--------
www-servers/nginx/nginx-1.11.4.ebuild | 24 ++++++++++++++++--------
www-servers/nginx/nginx-1.11.5.ebuild | 24 ++++++++++++++++--------
5 files changed, 80 insertions(+), 40 deletions(-)
diff --git a/www-servers/nginx/nginx-1.10.1-r3.ebuild b/www-servers/nginx/nginx-1.10.1-r3.ebuild
index fe9f071..8716c66 100644
--- a/www-servers/nginx/nginx-1.10.1-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r3.ebuild
@@ -230,8 +230,8 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
@@ -250,21 +250,27 @@ CDEPEND="
nginx_modules_http_gunzip? ( sys-libs/zlib )
nginx_modules_http_gzip? ( sys-libs/zlib )
nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
)
)
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
@@ -356,6 +362,8 @@ src_configure() {
fi
./configure \
--enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
$(use_enable pcre-jit) \
$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
fi
diff --git a/www-servers/nginx/nginx-1.10.1-r4.ebuild b/www-servers/nginx/nginx-1.10.1-r4.ebuild
index 4e28658..f5a4f5e 100644
--- a/www-servers/nginx/nginx-1.10.1-r4.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r4.ebuild
@@ -230,8 +230,8 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
@@ -250,21 +250,27 @@ CDEPEND="
nginx_modules_http_gunzip? ( sys-libs/zlib )
nginx_modules_http_gzip? ( sys-libs/zlib )
nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
)
)
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
@@ -356,6 +362,8 @@ src_configure() {
fi
./configure \
--enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
$(use_enable pcre-jit) \
$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
fi
diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
index 630624b..6365eb4 100644
--- a/www-servers/nginx/nginx-1.10.1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -231,8 +231,8 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
@@ -251,21 +251,27 @@ CDEPEND="
nginx_modules_http_gunzip? ( sys-libs/zlib )
nginx_modules_http_gzip? ( sys-libs/zlib )
nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
)
)
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
@@ -356,6 +362,8 @@ src_configure() {
fi
./configure \
--enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
$(use_enable pcre-jit) \
$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
fi
diff --git a/www-servers/nginx/nginx-1.11.4.ebuild b/www-servers/nginx/nginx-1.11.4.ebuild
index a94f39d..228aa6f 100644
--- a/www-servers/nginx/nginx-1.11.4.ebuild
+++ b/www-servers/nginx/nginx-1.11.4.ebuild
@@ -237,8 +237,8 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
@@ -257,21 +257,27 @@ CDEPEND="
nginx_modules_http_gunzip? ( sys-libs/zlib )
nginx_modules_http_gzip? ( sys-libs/zlib )
nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
)
)
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
@@ -369,6 +375,8 @@ src_configure() {
fi
./configure \
--enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
$(use_enable pcre-jit) \
$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
fi
diff --git a/www-servers/nginx/nginx-1.11.5.ebuild b/www-servers/nginx/nginx-1.11.5.ebuild
index 3f951db..c5ed9be 100644
--- a/www-servers/nginx/nginx-1.11.5.ebuild
+++ b/www-servers/nginx/nginx-1.11.5.ebuild
@@ -237,8 +237,8 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
- pcre? ( >=dev-libs/libpcre-4.2 )
- pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
@@ -257,21 +257,27 @@ CDEPEND="
nginx_modules_http_gunzip? ( sys-libs/zlib )
nginx_modules_http_gzip? ( sys-libs/zlib )
nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
- nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:= )
)
)
- nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
@@ -364,6 +370,8 @@ src_configure() {
fi
./configure \
--enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
$(use_enable pcre-jit) \
$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
fi
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-10-19 0:01 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-10-19 0:01 UTC (permalink / raw
To: gentoo-commits
commit: c017ceffdefb7a8cf24518702e1c1958d490a4ea
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 00:00:44 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 00:01:35 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c017ceff
www-servers/nginx: Bump to v1.10.2 stable
Package-Manager: portage-2.3.2
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.10.2.ebuild | 776 ++++++++++++++++++++++++++++++++++
2 files changed, 777 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index af7423c..b76141c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
+DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
DIST nginx-1.11.4.tar.gz 949793 SHA256 06221c1f43f643bc6bfe5b2c26d19e09f2588d5cde6c65bdb77dfcce7c026b3b SHA512 c6a03c440a274576434aa74932b3fa7cd49174d9e2d8c6e480838637f33f158e31b6f25cac97e158f386bb92f62ff9636c2d3ac1a552e27a860eb9448e2f3f94 WHIRLPOOL 53c371cb34bc55f28d0a0915e08a4fdeffcfcbc8571628db086e0a75627c926693f2faba8608f0c444bc79df244b7f321e6017eda0eb7710d2ccb6f25aac8b75
DIST nginx-1.11.5.tar.gz 956517 SHA256 223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6 SHA512 f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c WHIRLPOOL fba49ae277ec2114b06eb0fdce87161ac7bd3e0ca90387dc58caf327c5f12056be07eeba677ff37c59e7d759054ec276ce4db647250774c57588619a1803592c
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
diff --git a/www-servers/nginx/nginx-1.10.2.ebuild b/www-servers/nginx/nginx-1.10.2.ebuild
new file mode 100644
index 00000000..f5a4f5e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.2.ebuild
@@ -0,0 +1,776 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+ fi
+
+ cd "${S}" || die
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS}; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+ ewarn "parameter to an empty string per default when you are sourcing the default"
+ ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2016-11-15 21:49 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2016-11-15 21:49 UTC (permalink / raw
To: gentoo-commits
commit: c0ed68db3717a8b594e37e690a036723dfea8a5c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 21:40:35 2016 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 21:48:54 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0ed68db
www-servers/nginx: Bump to v1.10.2-r2 stable
Ebuild changes:
===============
- ngx_headers_more module updated to v0.32
- LUA module updated to v0.10.7
- Patch for ngx_memc added to solve a build issue with
latest nginx [Link 1]
Link 1: https://github.com/openresty/memc-nginx-module/issues/26
Package-Manager: portage-2.3.2
www-servers/nginx/nginx-1.10.2-r2.ebuild | 802 +++++++++++++++++++++++++++++++
1 file changed, 802 insertions(+)
diff --git a/www-servers/nginx/nginx-1.10.2-r2.ebuild b/www-servers/nginx/nginx-1.10.2-r2.ebuild
new file mode 100644
index 00000000..c71ba25
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.2-r2.ebuild
@@ -0,0 +1,802 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_memc; then
+ cd "${HTTP_MEMC_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 /var/log/nginx ${keepdir_list}
+ fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ # This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+ # existing installations
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS}; do
+ version_compare ${rv} 1.4.1-r2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+ ewarn "directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+ chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+ fi
+
+ # If the nginx user can't change into or read the dir, display a warning.
+ # If su is not available we display the warning nevertheless since we can't check properly
+ su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+ if [ $? -ne 0 ] ; then
+ ewarn "Please make sure that the nginx user or group has at least"
+ ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+ ewarn "Otherwise you end up with empty log files after a logrotate."
+ fi
+
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+ ewarn "parameter to an empty string per default when you are sourcing the default"
+ ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-07 23:43 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-01-07 23:43 UTC (permalink / raw
To: gentoo-commits
commit: ad6c115214db8d4fca1b9c4484e89d202d9ea9cb
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 7 23:43:34 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Jan 7 23:43:34 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad6c1152
www-servers/nginx: Bump to v1.11.8 (bug #603864)
Package-Manager: Portage-2.3.3, Repoman-2.3.1
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.11.8.ebuild | 999 ++++++++++++++++++++++++++++++++++
2 files changed, 1000 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f950922..92392ff 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323f
DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
DIST nginx-1.11.5.tar.gz 956517 SHA256 223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6 SHA512 f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c WHIRLPOOL fba49ae277ec2114b06eb0fdce87161ac7bd3e0ca90387dc58caf327c5f12056be07eeba677ff37c59e7d759054ec276ce4db647250774c57588619a1803592c
DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
+DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
new file mode 100644
index 00000000..d4ad6b0
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.8.ebuild
@@ -0,0 +1,999 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_memc; then
+ cd "${HTTP_MEMC_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-10 14:56 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2017-01-10 14:56 UTC (permalink / raw
To: gentoo-commits
commit: 3bff797e180eb661b58c01f1a9779a702dac0978
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 14:54:22 2017 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 14:54:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bff797e
www-servers/nginx: amd64 stable wrt bug #605008
Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.10.2-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 4da4e5c..9a1478a 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -173,7 +173,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-10 15:22 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2017-01-10 15:22 UTC (permalink / raw
To: gentoo-commits
commit: 198664a2ccedff520dab3d3ff4c10e474e9acf4c
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 15:21:05 2017 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 15:21:05 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=198664a2
www-servers/nginx: x86 stable wrt bug #605008
Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.10.2-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 9a1478a..2a00c26 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -173,7 +173,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-16 14:26 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-01-16 14:26 UTC (permalink / raw
To: gentoo-commits
commit: af1e9596ef64e37af30f56949ecbcd3f750180be
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 14:25:32 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 14:26:06 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af1e9596
www-servers/nginx: Add test restriction
Package does not provide a real test suite. Building with FEATURES=test will
currently end with a failure like
>>> Test phase: www-servers/nginx-1.10.2-r3
* Test::Harness Jobs=5
make --jobs 5 --load-average 7.95 test TEST_VERBOSE=0
make: *** No rule to make target 'test'. Stop.
* ERROR: www-servers/nginx-1.10.2-r3::gentoo failed (test phase):
* emake failed
Restricting test will prevent an error like this.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
www-servers/nginx/nginx-1.10.2-r3.ebuild | 3 +++
www-servers/nginx/nginx-1.11.6-r1.ebuild | 5 ++++-
www-servers/nginx/nginx-1.11.8.ebuild | 3 +++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 2a00c26..8cb71d4 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -175,6 +175,9 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
SLOT="0"
KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
index 49ffa0a..d4c0878 100644
--- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.11.6-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -175,6 +175,9 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
SLOT="mainline"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
index d4ad6b0..d4c0878 100644
--- a/www-servers/nginx/nginx-1.11.8.ebuild
+++ b/www-servers/nginx/nginx-1.11.8.ebuild
@@ -175,6 +175,9 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
SLOT="mainline"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
fastcgi geo gzip limit_req limit_conn map memcached proxy referer
rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-24 17:58 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-01-24 17:58 UTC (permalink / raw
To: gentoo-commits
commit: d1493c23e773a3b92eb9e1f79e0239da54531943
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 17:58:30 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 17:58:30 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1493c23
www-servers/nginx: Bump to v1.11.9
Package-Manager: Portage-2.3.3, Repoman-2.3.1
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.11.9.ebuild | 1002 +++++++++++++++++++++++++++++++++
2 files changed, 1003 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 40667e8..e97451e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
+DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
new file mode 100644
index 00000000..d4c0878
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.9.ebuild
@@ -0,0 +1,1002 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_memc; then
+ cd "${HTTP_MEMC_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-31 17:51 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-01-31 17:51 UTC (permalink / raw
To: gentoo-commits
commit: f37bc910a241a557cf1386c59907dc75a2d30e6e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 31 17:49:11 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jan 31 17:49:11 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f37bc910
www-servers/nginx: Bump nginx (stable) to v1.10.3
Package-Manager: Portage-2.3.3, Repoman-2.3.1
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.10.3.ebuild | 989 ++++++++++++++++++++++++++++++++++
2 files changed, 990 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e97451e..6f1c342 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
+DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
new file mode 100644
index 00000000..6d538c8
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.3.ebuild
@@ -0,0 +1,989 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_memc; then
+ cd "${HTTP_MEMC_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use ipv6 && myconf+=( --with-ipv6 )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ # Treat stream upstream slightly differently
+ if ! use nginx_modules_stream_upstream; then
+ myconf+=( --without-stream_upstream_hash_module )
+ myconf+=( --without-stream_upstream_least_conn_module )
+ myconf+=( --without-stream_upstream_zone_module )
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-01-31 17:51 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-01-31 17:51 UTC (permalink / raw
To: gentoo-commits
commit: f86ee909d42c2a0577c6d31c52b672b620e9a920
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 31 17:50:58 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jan 31 17:50:58 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f86ee909
www-servers/nginx: Use HTTPS for nginx.org
Package-Manager: Portage-2.3.3, Repoman-2.3.1
www-servers/nginx/nginx-1.10.2-r3.ebuild | 4 ++--
www-servers/nginx/nginx-1.10.3.ebuild | 4 ++--
www-servers/nginx/nginx-1.11.6-r1.ebuild | 4 ++--
www-servers/nginx/nginx-1.11.8.ebuild | 4 ++--
www-servers/nginx/nginx-1.11.9.ebuild | 4 ++--
5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 8cb71d4..e229135 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
index 6d538c8..cb9c750 100644
--- a/www-servers/nginx/nginx-1.10.3.ebuild
+++ b/www-servers/nginx/nginx-1.10.3.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
index d4c0878..bd2418b 100644
--- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.11.6-r1.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
index d4c0878..bd2418b 100644
--- a/www-servers/nginx/nginx-1.11.8.ebuild
+++ b/www-servers/nginx/nginx-1.11.8.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
index d4c0878..bd2418b 100644
--- a/www-servers/nginx/nginx-1.11.9.ebuild
+++ b/www-servers/nginx/nginx-1.11.9.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-02-14 17:06 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-02-14 17:06 UTC (permalink / raw
To: gentoo-commits
commit: e24779f56dba1a33bab8b9218eae43f72aaae4f6
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 14 16:59:20 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 14 17:06:31 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e24779f5
www-servers/nginx: Bump to v1.11.10 mainline
Ebuild changes:
===============
- NAXSI updated to v0.55.3
Package-Manager: Portage-2.3.3, Repoman-2.3.1
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.11.10.ebuild | 1002 ++++++++++++++++++++++++++++++++
2 files changed, 1004 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6f1c342550..b435401f20 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
+DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
@@ -15,6 +16,7 @@ DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67
DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
DIST ngx_http_lua-0.10.7.tar.gz 605171 SHA256 c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 SHA512 d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 WHIRLPOOL 7b64f75aae2ab74f51b3b2d07a59262a2c8ab2b863698b93b1184c003049641b45eded8fa5cc6301887c80d5fc34e9f22365da7765b3d5594ad838dacfceddd7
DIST ngx_http_naxsi-0.55.1.tar.gz 185997 SHA256 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 SHA512 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 WHIRLPOOL 36830d10a35b724b7ea15e3884e96e2e4dd84f2b81fc1c7122d3e2e83a1942227321b1a7141d829423788bc52a3e199a95ca2637369e17f84ea16eb0cb2e5e37
+DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
diff --git a/www-servers/nginx/nginx-1.11.10.ebuild b/www-servers/nginx/nginx-1.11.10.ebuild
new file mode 100644
index 0000000000..2662158ecd
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.10.ebuild
@@ -0,0 +1,1002 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_memc; then
+ cd "${HTTP_MEMC_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-03-22 14:22 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2017-03-22 14:22 UTC (permalink / raw
To: gentoo-commits
commit: 49032003f8f6fa803d66b8037963a4aee43115d2
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 22 14:22:10 2017 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 22 14:22:10 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49032003
www-servers/nginx: amd64 stable wrt bug #613416
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.10.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
index 6d85be564ba..db08f7e61e0 100644
--- a/www-servers/nginx/nginx-1.10.3.ebuild
+++ b/www-servers/nginx/nginx-1.10.3.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-03-27 10:25 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-03-27 10:25 UTC (permalink / raw
To: gentoo-commits
commit: 8590621f9281188a9922779acb6730ec193ee52f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 27 10:24:51 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Mar 27 10:25:19 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8590621f
www-servers/nginx: Bump to v1.11.12 mainline (bug #614042)
Replaces v1.11.11 which might hog CPU due to a bug introduced in v1.11.11.
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.11.11.ebuild => nginx-1.11.12.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 377d516b6ec..5bcff98aed8 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,7 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
-DIST nginx-1.11.11.tar.gz 979864 SHA256 5a7ac480248e28d26e68fd1ea3dbd8b05f69726d71528e79332839b171277262 SHA512 c830c1eb762f5d5df19c4b256c8aa4ebe8354f3a088f07c6b4b890806117d1716eaa20dbd6ac1ff5eafc2b1ee43c44ed608aa96b9057e44953b2888177e67719 WHIRLPOOL 9403ab4763a077a378d997d7a60abdf6c9a8caa8756096c86c1046ca324926e9e8e835c59bd677440fc33e8a9f4c22cfa238e043116bfed621dabcadacc9d1cf
+DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
diff --git a/www-servers/nginx/nginx-1.11.11.ebuild b/www-servers/nginx/nginx-1.11.12.ebuild
similarity index 100%
rename from www-servers/nginx/nginx-1.11.11.ebuild
rename to www-servers/nginx/nginx-1.11.12.ebuild
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-04-04 18:25 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-04-04 18:25 UTC (permalink / raw
To: gentoo-commits
commit: f085102d8f479d2fcacd00d62839a8a2f4729c47
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 4 18:24:07 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 4 18:24:55 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f085102d
www-servers/nginx: Bump to v1.11.13 mainline
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.11.13.ebuild | 1011 ++++++++++++++++++++++++++++++++
2 files changed, 1012 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index ae2fef0f10a..e121a44fcc7 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
+DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.11.13.ebuild b/www-servers/nginx/nginx-1.11.13.ebuild
new file mode 100644
index 00000000000..7870abf9766
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.13.ebuild
@@ -0,0 +1,1011 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_memc; then
+ cd "${HTTP_MEMC_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-04-04 18:25 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-04-04 18:25 UTC (permalink / raw
To: gentoo-commits
commit: 64ad6ced41a9983b0fcba4ec0c12ebd788e6f799
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 4 18:21:20 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 4 18:24:53 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64ad6ced
www-servers/nginx: Cleanup old versions
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 4 -
www-servers/nginx/nginx-1.10.2-r3.ebuild | 988 -----------------------------
www-servers/nginx/nginx-1.11.6-r1.ebuild | 1001 ------------------------------
www-servers/nginx/nginx-1.11.8.ebuild | 1001 ------------------------------
www-servers/nginx/nginx-1.11.9.ebuild | 1001 ------------------------------
5 files changed, 3995 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5bcff98aed8..ae2fef0f10a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,11 +1,7 @@
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
-DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
-DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
-DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
-DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
deleted file mode 100644
index cf55f356592..00000000000
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ /dev/null
@@ -1,988 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eapply "${FILESDIR}"/http_security-pr_1158.patch
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_memc; then
- cd "${HTTP_MEMC_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use ipv6 && myconf+=( --with-ipv6 )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- # Treat stream upstream slightly differently
- if ! use nginx_modules_stream_upstream; then
- myconf+=( --without-stream_upstream_hash_module )
- myconf+=( --without-stream_upstream_least_conn_module )
- myconf+=( --without-stream_upstream_zone_module )
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
deleted file mode 100644
index 688728d104b..00000000000
--- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eapply "${FILESDIR}"/http_security-pr_1158.patch
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_memc; then
- cd "${HTTP_MEMC_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
deleted file mode 100644
index 688728d104b..00000000000
--- a/www-servers/nginx/nginx-1.11.8.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eapply "${FILESDIR}"/http_security-pr_1158.patch
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_memc; then
- cd "${HTTP_MEMC_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
deleted file mode 100644
index 688728d104b..00000000000
--- a/www-servers/nginx/nginx-1.11.9.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_lua; then
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eapply "${FILESDIR}"/http_security-pr_1158.patch
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_memc; then
- cd "${HTTP_MEMC_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-04-14 10:51 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-04-14 10:51 UTC (permalink / raw
To: gentoo-commits
commit: 81ea3aa6596233070d7bfcafdc704ec5ebf32379
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 14 10:51:05 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 14 10:51:38 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81ea3aa6
www-servers/nginx: Bumped to v1.12.0 stable
Ebuild changes:
===============
- HTTP LUA module bumped to v0.10.8
Warning: While the module now builds against nginx-1.11.11+ the author
warns that >=nginx-1.11.11 is still not an officially
supported target for that module. You are on your own!
- RTMP module bumped to v1.1.11
- HTTP memc module bumped to v0.18
- HTTP NAXSI module bumped to v0.55.3
- New upstream stream modules
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.12.0.ebuild | 1015 +++++++++++++++++++++++++++++++++
2 files changed, 1016 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 06b177149bf..c9882c2e17c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
+DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.12.0.ebuild b/www-servers/nginx/nginx-1.12.0.ebuild
new file mode 100644
index 00000000000..a28bc1a098f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.0.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-04-26 8:29 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-04-26 8:29 UTC (permalink / raw
To: gentoo-commits
commit: 2e2758a67d46e090851d37e6da1ac1a098f41d93
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 26 08:25:38 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 26 08:26:04 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e2758a6
www-servers/nginx: Bump to v1.13.0 mainline
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.13.0.ebuild | 1015 +++++++++++++++++++++++++++++++++
2 files changed, 1016 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c9882c2e17c..35eac0ca792 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea
DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
+DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.13.0.ebuild b/www-servers/nginx/nginx-1.13.0.ebuild
new file mode 100644
index 00000000000..cb4c774f1aa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.0.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-05-30 15:42 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-05-30 15:42 UTC (permalink / raw
To: gentoo-commits
commit: c3bb326a6265e020e6e01d798714faf0bf58edd1
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 15:42:08 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 30 15:42:29 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3bb326a
www-servers/nginx: Bump to v1.13.1 mainline
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.13.1.ebuild | 1015 +++++++++++++++++++++++++++++++++
2 files changed, 1016 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 35eac0ca792..594430bbaff 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22
DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
+DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.13.1.ebuild b/www-servers/nginx/nginx-1.13.1.ebuild
new file mode 100644
index 00000000000..cb4c774f1aa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.1.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-06-27 16:39 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-06-27 16:39 UTC (permalink / raw
To: gentoo-commits
commit: f8e7e47c9fa8ee8727b9f06277ec5a076aced0bf
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 27 16:38:43 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 27 16:38:57 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8e7e47c
www-servers/nginx: Bump to v1.13.2 mainline
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.13.2.ebuild | 1015 +++++++++++++++++++++++++++++++++
2 files changed, 1016 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 594430bbaff..8650aa4f9ae 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,6 +5,7 @@ DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18
DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
+DIST nginx-1.13.2.tar.gz 985802 SHA256 d77f234d14989d273a363f570e1d892395c006fef2ec04789be90f41a1919b70 SHA512 b07a0a6e8201979dbcec5ecdec9dd1210f35d5e861ff149b3a59f7d1d36f15ec195ef41c6d82a3bf618e9f044dbae06bb45d7f0369574cde97bd74b750dea905 WHIRLPOOL 46de82a5554a78249079a200720ec6184ff2e52a5609c12e365bdbc7f052486c3991eee3fac8bab71d75068e132a2eb112b4a99211a6365d991273a44e5d8ec2
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
diff --git a/www-servers/nginx/nginx-1.13.2.ebuild b/www-servers/nginx/nginx-1.13.2.ebuild
new file mode 100644
index 00000000000..cb4c774f1aa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.2.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-07-11 16:30 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-07-11 16:30 UTC (permalink / raw
To: gentoo-commits
commit: d195ea6ec9933d558fecdfb30edebca2ea413c13
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 11 16:28:36 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 11 16:28:55 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d195ea6e
www-servers/nginx: Security bump for CVE-2017-7529 (bug #624552)
Package-Manager: Portage-2.3.5, Repoman-2.3.2
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.12.1.ebuild | 1015 +++++++++++++++++++++++++++++++++
www-servers/nginx/nginx-1.13.3.ebuild | 1015 +++++++++++++++++++++++++++++++++
3 files changed, 2033 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8650aa4f9ae..b4746ce02a1 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,9 +3,11 @@ DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea
DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
+DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
DIST nginx-1.13.2.tar.gz 985802 SHA256 d77f234d14989d273a363f570e1d892395c006fef2ec04789be90f41a1919b70 SHA512 b07a0a6e8201979dbcec5ecdec9dd1210f35d5e861ff149b3a59f7d1d36f15ec195ef41c6d82a3bf618e9f044dbae06bb45d7f0369574cde97bd74b750dea905 WHIRLPOOL 46de82a5554a78249079a200720ec6184ff2e52a5609c12e365bdbc7f052486c3991eee3fac8bab71d75068e132a2eb112b4a99211a6365d991273a44e5d8ec2
+DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -29,3 +31,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
DIST ngx_rtmp-1.1.10.tar.gz 519877 SHA256 f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c SHA512 bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f WHIRLPOOL 655f4dcb02f928698ae14d29e5b7f60ad3fd71c757d67f1930c695a3501054d124a92f7ada7d4e605204f1e73e0779cad0b60102bc98d64764535581db0b1867
DIST ngx_rtmp-1.1.11.tar.gz 519988 SHA256 71e8a0b42a41d1cb5ab1b9a8793f0e479e31fa9b59c4c6f5665df41cebf09e2b SHA512 e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 WHIRLPOOL a9799368dbfdc18d396b8b3abfe5582783c912fec1f3b0d8ce9444e1e0549c63eec9586a18adda1a323a86a4af09ae43051335545cd27e1b5dcb15bb25e1dac9
+DIST ngx_rtmp-1.2.0.tar.gz 519895 SHA256 a8026f5ade30b178a06f12c46dff053cfe12256016ad465a46646183086b16b0 SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8 WHIRLPOOL ea18f30cac7310a9b9be92178266afab5403f9e2e52cf89142c3c8bd20c05b12390ae90bdb50ceabef7ba869ef95502fee2f046716daea95de10527acba826c8
diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
new file mode 100644
index 00000000000..96bc9f71ba2
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.1.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
diff --git a/www-servers/nginx/nginx-1.13.3.ebuild b/www-servers/nginx/nginx-1.13.3.ebuild
new file mode 100644
index 00000000000..95f97cf6a40
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.3.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_echo; then
+ cd "${HTTP_ECHO_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_lua; then
+ cd "${HTTP_LUA_MODULE_WD}" || die
+ eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+ cd "${S}" || die
+ sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-07-12 8:17 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2017-07-12 8:17 UTC (permalink / raw
To: gentoo-commits
commit: 786c022fa856eff25a9033954b7b322138ed8b52
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 12 08:17:02 2017 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jul 12 08:17:02 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=786c022f
www-servers/nginx: amd64 stable wrt bug #624552
Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.12.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
index 96bc9f71ba2..86ba9b40d49 100644
--- a/www-servers/nginx/nginx-1.12.1.ebuild
+++ b/www-servers/nginx/nginx-1.12.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-07-12 8:18 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2017-07-12 8:18 UTC (permalink / raw
To: gentoo-commits
commit: 7cdfe1b048245a0b7f01edd5bed09f9f5168d984
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 12 08:18:13 2017 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jul 12 08:18:13 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cdfe1b0
www-servers/nginx: x86 stable wrt bug #624552
Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.12.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
index 86ba9b40d49..5c7b643f437 100644
--- a/www-servers/nginx/nginx-1.12.1.ebuild
+++ b/www-servers/nginx/nginx-1.12.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-09-05 16:50 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-09-05 16:50 UTC (permalink / raw
To: gentoo-commits
commit: e4edc7bc232ba2f0c722e7077ce79a994237901c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 5 16:50:22 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Sep 5 16:50:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4edc7bc
www-servers/nginx: Bump to v1.13.5 mainline
Ebuild changes:
===============
- fancyindex module bumped to v0.4.2
Package-Manager: Portage-2.3.8, Repoman-2.3.3
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.13.5.ebuild | 1000 +++++++++++++++++++++++++++++++++
2 files changed, 1002 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2e2fa264bb0..965537cde43 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 SHA256 41a8f73476ec891f3a9e8736b98b64ea5c2
DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
+DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -13,6 +14,7 @@ DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 SHA256 6b004eed8ea16ad8de4d304027bf0413c
DIST ngx_http_echo-0.60.tar.gz 52771 SHA256 1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c WHIRLPOOL 8938ac18aae74a5c4806ff3611c243c9bee108ef93fef7b0da284040c2ec2d9a57cb3cad9e3719cb795bbb063176d7afe81b7288ebacf5096d26b16e5ef34da6
DIST ngx_http_echo-0.61.tar.gz 53155 SHA256 2e6a03032555f5da1bdff2ae96c96486f447da3da37c117e0f964ae0753d22aa SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b WHIRLPOOL 66c4103ce093afb15cd3ec8c53ba52f8db0f10837084448cbc080618c3882f5441491ba60a74831012433a0e4286d8ae66187e33cac3d1b715e58694fddfc84e
DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
+DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 SHA256 8327150864ca267b735d550d3304030efbbd863fdddfe0a94e970f249a8827ee SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76 WHIRLPOOL 81b34afe05fda9068a53d5fa29937c72210847a9eda86f8858d6d2d625958f1c6cea2c3639ce9132687b672384b066f314bfb7096098646131c7380bd99c5470
DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
DIST ngx_http_lua-0.10.10.tar.gz 611973 SHA256 b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9 SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d WHIRLPOOL 23b5509618a7b3db215ed62b37773f7fa4e1ec14efceef631344c608c079929cded79c6888fa4a45fc31b25463ebb43030cf86868e3df99bb8b3d49116a448d5
DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba
diff --git a/www-servers/nginx/nginx-1.13.5.ebuild b/www-servers/nginx/nginx-1.13.5.ebuild
new file mode 100644
index 00000000000..1f7375d4372
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.5.ebuild
@@ -0,0 +1,1000 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+ referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-09-13 15:05 Fabian Groffen
0 siblings, 0 replies; 277+ messages in thread
From: Fabian Groffen @ 2017-09-13 15:05 UTC (permalink / raw
To: gentoo-commits
commit: e7d3e6695ee01983b7b2dcff9ae18b33d8e6c13a
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 13 14:56:22 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Sep 13 14:56:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7d3e669
www-servers/nginx: marked ~ppc64
Package-Manager: Portage-2.3.6, Repoman-2.3.1
www-servers/nginx/nginx-1.13.5.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.13.5.ebuild b/www-servers/nginx/nginx-1.13.5.ebuild
index 1f7375d4372..96e741f7f53 100644
--- a/www-servers/nginx/nginx-1.13.5.ebuild
+++ b/www-servers/nginx/nginx-1.13.5.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-10-10 18:58 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-10-10 18:58 UTC (permalink / raw
To: gentoo-commits
commit: b613924f6b07ec6e2d731ff610c0d54f41b14506
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 10 18:56:28 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 10 18:58:39 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b613924f
www-servers/nginx: Bump to v1.13.6 mainline
Ebuild changes:
===============
- upstream check module bumped to commit 31b1b42873fa56620d8a873ac13f5f26b52d0cd6
Package-Manager: Portage-2.3.10, Repoman-2.3.3
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.13.6.ebuild | 1000 +++++++++++++++++++++++++++++++++
2 files changed, 1002 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 965537cde43..12711aea96f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17
DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
+DIST nginx-1.13.6.tar.gz 989760 SHA256 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e WHIRLPOOL e219846d7a15de9239d4c26eab4e8ec783bbc715e84eee0f6a8591a1d0dae0eeb828b15ccf622638c14a943758b3bb02e23355e129c16178d9aca72c4733b80f
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -23,6 +24,7 @@ DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba2
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0
+DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 SHA256 c7241b15ba20779d8d465dfe05e8e53f9e62b069b4165c9e8001eb795b870ff4 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b WHIRLPOOL 932a51c8911053e301a7efa3006bf994622b79f3a9f39c317f33f2243c77dde06c7b8387bf0969943512afe049f0e55c8aad5c89d4fd0f4c84939b20927c52ed
DIST ngx_memc_module-0.18.tar.gz 37113 SHA256 4e280d1dcb8b312bc7875604c1e35b17879279126d3d5fbf482aa9cc7c11276d SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706 WHIRLPOOL 9570bf7fb4e925d1794f3af0914efca036fe65696e7e380969133b89878e5f46f71cd5ffb7b5ea94085aced26d289abca77d7ef805f03ff614bc12a47d7aab3f
DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
diff --git a/www-servers/nginx/nginx-1.13.6.ebuild b/www-servers/nginx/nginx-1.13.6.ebuild
new file mode 100644
index 00000000000..f2844ff8505
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.6.ebuild
@@ -0,0 +1,1000 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+ referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-10-17 16:23 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-10-17 16:23 UTC (permalink / raw
To: gentoo-commits
commit: 237b8241f23eb73b431c0745e4c6706b71613fd6
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 17 16:17:27 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 17 16:23:16 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=237b8241
www-servers/nginx: Bump to v1.12.2 stable
Package-Manager: Portage-2.3.10, Repoman-2.3.3
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.12.2.ebuild | 999 ++++++++++++++++++++++++++++++++++
2 files changed, 1000 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 12711aea96f..bb8f6618067 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
DIST modsecurity-2.9.2.tar.gz 4298993 SHA256 41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21 WHIRLPOOL cbdc090f5fefeb6b6b71362e03dc12c4c574b7726005e8b552f4db7b765fc77f4609af5f216fad6c336d886e112aa392e3f885a140a72d731eed78a1ed51cd88
DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
+DIST nginx-1.12.2.tar.gz 981687 SHA256 305f379da1d5fb5aefa79e45c829852ca6983c7cd2a79328f8e084a324cf0416 SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7 WHIRLPOOL 118bbb2f432603fe13cb673a85f7c998bc349df801eee5d043a6e2f7ecb197e1cb86b71c56babf7b41fc6c9ea3953665c14a1ce62a31080fb992637fecb20ee9
DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
diff --git a/www-servers/nginx/nginx-1.12.2.ebuild b/www-servers/nginx/nginx-1.12.2.ebuild
new file mode 100644
index 00000000000..cc482646f7c
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.2.ebuild
@@ -0,0 +1,999 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+ rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+ upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-10-30 0:01 Jonas Stein
0 siblings, 0 replies; 277+ messages in thread
From: Jonas Stein @ 2017-10-30 0:01 UTC (permalink / raw
To: gentoo-commits
commit: c3bcfd7faf0443efb77b7da1e4ed17a56851f6e1
Author: Jonas Stein <jstein <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 30 00:01:15 2017 +0000
Commit: Jonas Stein <jstein <AT> gentoo <DOT> org>
CommitDate: Mon Oct 30 00:01:35 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3bcfd7f
www-servers/nginx: Removed proxied maintainer
Proxied maintainer retired.
Closes: https://bugs.gentoo.org/633054
Package-Manager: Portage-2.3.13, Repoman-2.3.4
www-servers/nginx/metadata.xml | 5 -----
1 file changed, 5 deletions(-)
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 2721de505ad..8315c7922c7 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -9,11 +9,6 @@
<email>dev-zero@gentoo.org</email>
<name>Tiziano Müller</name>
</maintainer>
- <maintainer type="person">
- <email>bugs@bergstroem.nu</email>
- <name>Johan Bergström</name>
- <description>Co-maintainer, CC on bugs.</description>
- </maintainer>
<use>
<flag name="aio">Enables file AIO support</flag>
<flag name="http">Enable HTTP core support</flag>
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-11-21 16:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-11-21 16:04 UTC (permalink / raw
To: gentoo-commits
commit: b1a39c149ffac5d3168aa0f4e9723e4a6bc8ca95
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 21 16:04:37 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 21 16:04:51 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1a39c14
www-servers/nginx: Bump to v1.13.7 mainline
Ebuild changes:
===============
- headers_more module bumped to v0.33
- lua module bumped to 0.10.11
- push module bumped to 0.5.4
Package-Manager: Portage-2.3.13, Repoman-2.3.4
www-servers/nginx/Manifest | 4 +
www-servers/nginx/nginx-1.13.7.ebuild | 1006 +++++++++++++++++++++++++++++++++
2 files changed, 1010 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index bb8f6618067..0b2958d40da 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,6 +6,7 @@ DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82
DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
DIST nginx-1.13.6.tar.gz 989760 SHA256 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e WHIRLPOOL e219846d7a15de9239d4c26eab4e8ec783bbc715e84eee0f6a8591a1d0dae0eeb828b15ccf622638c14a943758b3bb02e23355e129c16178d9aca72c4733b80f
+DIST nginx-1.13.7.tar.gz 990836 SHA256 beb732bc7da80948c43fd0bf94940a21a21b1c1ddfba0bd99a4b88e026220f5c SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0 WHIRLPOOL f56195c1bf4143acfceba4d7c03a2cf7a12d26f829dbf8465c59618601dacc10746e85c45dbbbb6d3b978706766b6987a478fd665776c454411a7ff4b164e869
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -18,10 +19,13 @@ DIST ngx_http_echo-0.61.tar.gz 53155 SHA256 2e6a03032555f5da1bdff2ae96c96486f447
DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 SHA256 8327150864ca267b735d550d3304030efbbd863fdddfe0a94e970f249a8827ee SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76 WHIRLPOOL 81b34afe05fda9068a53d5fa29937c72210847a9eda86f8858d6d2d625958f1c6cea2c3639ce9132687b672384b066f314bfb7096098646131c7380bd99c5470
DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
+DIST ngx_http_headers_more-0.33.tar.gz 28130 SHA256 a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37 WHIRLPOOL 3684b3ff76c6d4ff12d721db31376b6a2b8a91833210d7a0705c7e8615bb079d509d0d25d56a1a2ade33d90cf72006da4affcaeb89f7f6d57818b5436a0ab44c
DIST ngx_http_lua-0.10.10.tar.gz 611973 SHA256 b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9 SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d WHIRLPOOL 23b5509618a7b3db215ed62b37773f7fa4e1ec14efceef631344c608c079929cded79c6888fa4a45fc31b25463ebb43030cf86868e3df99bb8b3d49116a448d5
+DIST ngx_http_lua-0.10.11.tar.gz 616653 SHA256 c0fb91fcfd1c6e7dec34ca64826ef81ffebafdef6174d254467636f380566626 SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511 WHIRLPOOL 1ad973245c301d585e6d427d08ad32df7c0be2d5af6bd4c422521fb7e29fc5c99565c6fe7cf3784a118ce69b042689381e1ab18d20524edd55331c112fe0a4be
DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba
DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
+DIST ngx_http_push_stream-0.5.4.tar.gz 183493 SHA256 5253bb8a804ea679e514137a234637298f044c3ef63c053670bf3802ff3535b1 SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86 WHIRLPOOL 14e2dee5d08d495d9a3c96298508ff83cbd75c01f2c9800b57e1827540a3dfa70bd3e67cad41847906f58bc30004af90a08a58c93fbee3903e856e3736f809b9
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0
diff --git a/www-servers/nginx/nginx-1.13.7.ebuild b/www-servers/nginx/nginx-1.13.7.ebuild
new file mode 100644
index 00000000000..b0d71137e94
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.7.ebuild
@@ -0,0 +1,1006 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+ referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-12-26 16:34 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-12-26 16:34 UTC (permalink / raw
To: gentoo-commits
commit: d609bbeb50dee991641cfbf1d7e99e8285847bcb
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 26 16:34:28 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 26 16:34:45 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d609bbeb
www-servers/nginx: Bump to v1.13.8 mainline
Ebuild changes:
===============
- rtmp module bumped to v1.2.1
Package-Manager: Portage-2.3.19, Repoman-2.3.6
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.13.8.ebuild | 1006 +++++++++++++++++++++++++++++++++
2 files changed, 1008 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index fed031b523a..a19dd8765e4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -7,6 +7,7 @@ DIST nginx-1.13.4.tar.gz 988415 BLAKE2B 7afcd99b8382307a97550de9401c89b3cc7e79c1
DIST nginx-1.13.5.tar.gz 988821 BLAKE2B 1711966abe6d52fdda0b27488edc3f9c555bad498f661524e908af5c34a681dc878cd55449e76a003ae2adb43f61c8b1ee4329b72940bc7fbab6decc6f18ae4a SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459
DIST nginx-1.13.6.tar.gz 989760 BLAKE2B d833f0b432a33f8cf36108f42e423b95efd410f745a6bc17d6749952f5024641548ebd41e6c31cdda246428c38ae07df70bb4d9c0a6794cad3e3256d07ff3f03 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e
DIST nginx-1.13.7.tar.gz 990836 BLAKE2B 158c70018426e78a8e5157bde1c164de78bb9968c37f4c3fe24e30ef3df7690abdd6932522c6c179db8c5ff4da0f3fcee925e3b2680bfa33dc2b2abc8f007708 SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0
+DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
@@ -34,3 +35,4 @@ DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec7885
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
+DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
diff --git a/www-servers/nginx/nginx-1.13.8.ebuild b/www-servers/nginx/nginx-1.13.8.ebuild
new file mode 100644
index 00000000000..0cad8199f3f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.8.ebuild
@@ -0,0 +1,1006 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+ referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_upload_progress
+ http_headers_more
+ http_cache_purge
+ http_slowfs_cache
+ http_fancyindex
+ http_lua
+ http_auth_pam
+ http_upstream_check
+ http_metrics
+ http_naxsi
+ http_dav_ext
+ http_echo
+ http_security
+ http_push_stream
+ http_sticky
+ http_mogilefs
+ http_memc
+ http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-12-26 16:41 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-12-26 16:41 UTC (permalink / raw
To: gentoo-commits
commit: 8b9dfbfd6e02d1eeb6fa153390e5ed8b7c89140b
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 26 16:39:20 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 26 16:41:41 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b9dfbfd
www-servers/nginx: Cleanup old.
Package-Manager: Portage-2.3.19, Repoman-2.3.6
www-servers/nginx/Manifest | 4 -
www-servers/nginx/nginx-1.12.2.ebuild | 999 -----------------------------
www-servers/nginx/nginx-1.13.3.ebuild | 1015 ------------------------------
www-servers/nginx/nginx-1.13.4.ebuild | 1000 -----------------------------
www-servers/nginx/nginx-1.13.5.ebuild | 1000 -----------------------------
www-servers/nginx/nginx-1.13.6-r1.ebuild | 1006 -----------------------------
www-servers/nginx/nginx-1.13.6.ebuild | 1000 -----------------------------
7 files changed, 6024 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a19dd8765e4..e9c5e42c611 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,10 +2,6 @@ DIST modsecurity-2.9.1.tar.gz 4261212 BLAKE2B c47c7934d8da870e629c5733cc8c37452e
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.12.1.tar.gz 981093 BLAKE2B fa81164511591736b5da1937f2e867712845ff6bfa51cb9c2e2cd367f5d936f7ff6fd3a86cc1d2a49e0b97f6200dbc7808f783941182e08a1037112d858c91cd SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6
DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
-DIST nginx-1.13.3.tar.gz 985931 BLAKE2B 3b95a66ffb9e44669a9833f787135d779420a4a3d4f931b43c0e32e8ffea6266e14e2fc3a0c5e682b5f9401375da97dfe295e4244528954a62b2171af762424b SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380
-DIST nginx-1.13.4.tar.gz 988415 BLAKE2B 7afcd99b8382307a97550de9401c89b3cc7e79c1602044fae447db3cec5daa00e6787d3e3bf40ba3fb3191a9b8d0ea576b5116a34933eef818d414e65c364637 SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740
-DIST nginx-1.13.5.tar.gz 988821 BLAKE2B 1711966abe6d52fdda0b27488edc3f9c555bad498f661524e908af5c34a681dc878cd55449e76a003ae2adb43f61c8b1ee4329b72940bc7fbab6decc6f18ae4a SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459
-DIST nginx-1.13.6.tar.gz 989760 BLAKE2B d833f0b432a33f8cf36108f42e423b95efd410f745a6bc17d6749952f5024641548ebd41e6c31cdda246428c38ae07df70bb4d9c0a6794cad3e3256d07ff3f03 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e
DIST nginx-1.13.7.tar.gz 990836 BLAKE2B 158c70018426e78a8e5157bde1c164de78bb9968c37f4c3fe24e30ef3df7690abdd6932522c6c179db8c5ff4da0f3fcee925e3b2680bfa33dc2b2abc8f007708 SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0
DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
diff --git a/www-servers/nginx/nginx-1.12.2.ebuild b/www-servers/nginx/nginx-1.12.2.ebuild
deleted file mode 100644
index cc482646f7c..00000000000
--- a/www-servers/nginx/nginx-1.12.2.ebuild
+++ /dev/null
@@ -1,999 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.13.3.ebuild b/www-servers/nginx/nginx-1.13.3.ebuild
deleted file mode 100644
index 95f97cf6a40..00000000000
--- a/www-servers/nginx/nginx-1.13.3.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_echo; then
- cd "${HTTP_ECHO_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_lua; then
- cd "${HTTP_LUA_MODULE_WD}" || die
- eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
- cd "${S}" || die
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eapply "${FILESDIR}"/http_security-pr_1158.patch
- eapply "${FILESDIR}"/http_security-pr_1373.patch
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.13.4.ebuild b/www-servers/nginx/nginx-1.13.4.ebuild
deleted file mode 100644
index fd6ca7601cf..00000000000
--- a/www-servers/nginx/nginx-1.13.4.ebuild
+++ /dev/null
@@ -1,1000 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
- referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.13.5.ebuild b/www-servers/nginx/nginx-1.13.5.ebuild
deleted file mode 100644
index 96e741f7f53..00000000000
--- a/www-servers/nginx/nginx-1.13.5.ebuild
+++ /dev/null
@@ -1,1000 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
- referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.13.6-r1.ebuild b/www-servers/nginx/nginx-1.13.6-r1.ebuild
deleted file mode 100644
index 98e2bf7e78a..00000000000
--- a/www-servers/nginx/nginx-1.13.6-r1.ebuild
+++ /dev/null
@@ -1,1006 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
- referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.13.6.ebuild b/www-servers/nginx/nginx-1.13.6.ebuild
deleted file mode 100644
index f2844ff8505..00000000000
--- a/www-servers/nginx/nginx-1.13.6.ebuild
+++ /dev/null
@@ -1,1000 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
- referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2017-12-26 16:41 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2017-12-26 16:41 UTC (permalink / raw
To: gentoo-commits
commit: c16cffd2f3a720a6de660ec7ad8954b839b4003f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 26 16:41:28 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 26 16:41:42 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c16cffd2
www-servers/nginx: x86 stable (bug #642328)
Package-Manager: Portage-2.3.19, Repoman-2.3.6
www-servers/nginx/nginx-1.12.2-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
index fdf52f005cc..cacb3fe4c7f 100644
--- a/www-servers/nginx/nginx-1.12.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.12.2-r1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-01-02 0:00 Mikle Kolyada
0 siblings, 0 replies; 277+ messages in thread
From: Mikle Kolyada @ 2018-01-02 0:00 UTC (permalink / raw
To: gentoo-commits
commit: d23d74051935672e5f035a5c2b3fffc13ebd812a
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 1 23:59:52 2018 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Mon Jan 1 23:59:52 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d23d7405
www-servers/nginx: amd64 stable wrt bug #642328
Package-Manager: Portage-2.3.13, Repoman-2.3.3
www-servers/nginx/nginx-1.12.2-r1.ebuild | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
index cacb3fe4c7f..40d650b17fe 100644
--- a/www-servers/nginx/nginx-1.12.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.12.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-02-01 20:49 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-02-01 20:49 UTC (permalink / raw
To: gentoo-commits
commit: d01cf3565b9d317b5d26cb7bb5979d98f159cf80
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 1 20:46:48 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Feb 1 20:48:55 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d01cf356
www-servers/nginx: Cleanup old
Package-Manager: Portage-2.3.21, Repoman-2.3.6
www-servers/nginx/Manifest | 8 -
www-servers/nginx/nginx-1.12.1.ebuild | 1015 ---------------------------------
www-servers/nginx/nginx-1.13.7.ebuild | 1006 --------------------------------
3 files changed, 2029 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e9c5e42c611..a4bbc9bda74 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,31 +1,23 @@
-DIST modsecurity-2.9.1.tar.gz 4261212 BLAKE2B c47c7934d8da870e629c5733cc8c37452e4d90351269a14b99483188e8e3161891bd63bfd70e0723648c8daf51f1c33d900bd90ab0157332f826eab772f09f62 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
-DIST nginx-1.12.1.tar.gz 981093 BLAKE2B fa81164511591736b5da1937f2e867712845ff6bfa51cb9c2e2cd367f5d936f7ff6fd3a86cc1d2a49e0b97f6200dbc7808f783941182e08a1037112d858c91cd SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6
DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
-DIST nginx-1.13.7.tar.gz 990836 BLAKE2B 158c70018426e78a8e5157bde1c164de78bb9968c37f4c3fe24e30ef3df7690abdd6932522c6c179db8c5ff4da0f3fcee925e3b2680bfa33dc2b2abc8f007708 SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0
DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
-DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 BLAKE2B 065e41a6bfa1d3cc539dc1e6085e1897ff27f54204f6667a57bd3972954993aa5aae7f33a008be6e0b716a1633ec87833cb405be0494210ae819470ff808d01a SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74
DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
-DIST ngx_http_echo-0.60.tar.gz 52771 BLAKE2B b7e138e2244d5a5128f3af27ebc873f0597b10335e2c786efc3a1712f260a653c036421d114774c168b55565f4fc8ff2e5d788dc9a34dc2587343797b2928b80 SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
-DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 BLAKE2B 9b38799e98e18c9ff7fd71c2a6cefccbac6f0e428f965a239de1b5cd64a69224240aa37f7d72157bbb148fe824aaf9c863221d8d6ad1835b76538e2384df16b1 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1
DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
DIST ngx_http_lua-0.10.11.tar.gz 616653 BLAKE2B 6985823752755b78b626f597600adf45592ce4c8dc3a513dd43b9f5152c9746a795faa3714124d74814ad88739dd8889de50e764ad2ea808c48570d1e297aeec SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511
-DIST ngx_http_lua-0.10.8.tar.gz 606643 BLAKE2B 15eda2ebc599058ff61cbd3afdee17ce6f30f22ecaefcea6f1545728ccb2422ecdd6128e0860c3225981e9b100c9300b78e86c1a98884f36260628a62af30fd1 SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a
DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
-DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 BLAKE2B abaec02117c0ad0729e782f34e36a7b5547fffd300312c9fcccb718c3f6d0ff3a566756c21bd68209d102cff0418ca3d1f363c3aa898be0a49e2a003bb6eb1b9 SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29
DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
deleted file mode 100644
index 5c7b643f437..00000000000
--- a/www-servers/nginx/nginx-1.12.1.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_echo; then
- cd "${HTTP_ECHO_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_lua; then
- cd "${HTTP_LUA_MODULE_WD}" || die
- eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
- cd "${S}" || die
- sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eapply "${FILESDIR}"/http_security-pr_1158.patch
- eapply "${FILESDIR}"/http_security-pr_1373.patch
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.13.7.ebuild b/www-servers/nginx/nginx-1.13.7.ebuild
deleted file mode 100644
index b0d71137e94..00000000000
--- a/www-servers/nginx/nginx-1.13.7.ebuild
+++ /dev/null
@@ -1,1006 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.11"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
- referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-02-20 15:24 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-02-20 15:24 UTC (permalink / raw
To: gentoo-commits
commit: 8d79a14747bb0f671b8e072e3024a53d8bc52bfb
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 20 15:24:19 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 20 15:24:19 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d79a147
www-servers/nginx: Bump to v1.13.9 mainline
Package-Manager: Portage-2.3.24, Repoman-2.3.6
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.13.9.ebuild | 1065 +++++++++++++++++++++++++++++++++
2 files changed, 1066 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e2f6fa4a721..8b160e997be 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
+DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.13.9.ebuild b/www-servers/nginx/nginx-1.13.9.ebuild
new file mode 100644
index 00000000000..82920e6b89d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.9.ebuild
@@ -0,0 +1,1065 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8cd9dd5fc232d3a01644584921e52dae99034779"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.1.15"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+ referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/njs-0.1.15-fix-o3-building.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-04-03 15:52 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-04-03 15:52 UTC (permalink / raw
To: gentoo-commits
commit: 649e666324f0c6de35e1e3afc7f6c202a70e946c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 3 15:51:16 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 3 15:52:05 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=649e6663
www-servers/nginx: Bump to v1.13.11 mainline
Ebuild changes:
===============
- brotli module updated to commit 6a1174446f5a866d3d13615dd2824177570f0a69.
- nginScript module bumped to v0.2.0.
- Support for EXTRA_ECONF added to allow those who know what they
are doing to add additional modules for example. [Bug 651164]
Closes: https://bugs.gentoo.org/651164
Package-Manager: Portage-2.3.26, Repoman-2.3.7
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.13.11.ebuild | 1064 ++++++++++++++++++++++++++++++++
2 files changed, 1067 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f448681de48..9f16c9426ed 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,12 +1,14 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
DIST nginx-1.13.10.tar.gz 1014863 BLAKE2B 63034dbcddabef7512aef64c9a0ac88a25d154194b122a48298d72dfb91f40dbbd49f96b9416baec0973fc5c6f7dff1b4b71e835b6ee72a8175da760caf3f69d SHA512 33c894e00a13703db4195bc4a1f8fd512af165d8793ba00a7bf25e0e410136c8b4a94b14a81885be5fa2625626c810802282162c6d7a4f1f251a5ffccab218b3
+DIST nginx-1.13.11.tar.gz 1016189 BLAKE2B e6a42f5558a2cfdf15964a419b768a211436fe69c4f77bbce96ce279fe46ad481a69b35eb573907334b7b164dd9a9e43ce1f84a620a325b71d8901878075ea9f SHA512 ae80317b143d3140eaf3b32c2ac1af4f491ec683b849a9565cd1c23d8d9769f23a2d4db346dea017a555da3e2bd7fa39d2710a287193abc5e2853cbb9dc21e63
DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-482761e7c0cf3ea4d1540fc9e14c9dedd80d2f7c.tar.gz 10590 BLAKE2B a707353e7f98f06652b89dc00a7ea40f4e52c05f8adfe9dca0d602d52d48a472fee23f079dca73556a26575960e9079d54ab45e13997cdd949f992322200f01c SHA512 480280c464e3cc3523e9b2bf210afd1bf62fa789d0acb7064c80919184bcbb975131f698a1e589b97ce1664f6cc44e6ac5e20a40188020b3558d38005d66287c
+DIST ngx_brotli-6a1174446f5a866d3d13615dd2824177570f0a69.tar.gz 12771 BLAKE2B 84e8bad6d3006dd919778ebbdb85bfe58dd9546533f824697eb3a0a3c560e858aa91c7ab4adcb2fc851aa7cee974086400607d9f9ddea0596b1b19eb87618a39 SHA512 10ce5360cd7a1edd2623918d5b438ef400dc6c2c030c992f200491448e182aedd8ebebc647d333ef22a393bb172f52d9e01f2a1d8d780e849fc3c0971e4130fe
DIST ngx_brotli-8cd9dd5fc232d3a01644584921e52dae99034779.tar.gz 10585 BLAKE2B d65f068300852b5dbd77184cbcdbd31b14cb30484c5eb8c0d2b757d1d59e97d291b4b06fc11bc861d8796579964c91da2cb359e8fdf75199c655488701619516 SHA512 fa97bea2041d08d3ba07ae1cf6d84c225673b49c9ac8930923997c3ce501358a8bec63e4f3c075e22041f7997b8371a0d1887d73e989b8f27d55a0f72b3ea0f9
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
@@ -32,3 +34,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.1.15.tar.gz 228982 BLAKE2B c880c911c32c7ce7495fcbdc8b003340cd7d4020d7b820275d023729c4367ddea93539978b724d45b965cde44e9c35a4d4dd66138a0765be3b1697fc69abaeb2 SHA512 dd1ff7c95f6a5dd8df2c4b8abc13fc32462d4403d4d4f0e0cf8d4cc16fdd4b97ee563aeee593fcf9e83a463b3131772e8789f015c8ec74b61d90fd4d8699cf2e
+DIST njs-0.2.0.tar.gz 251246 BLAKE2B 76c0be4a98d5782df8d9ecb4b5a6a463a77fd59078f5d25a3763ea5e8633906966fc0a34c98dd9dca2dcc1f54994b0f47d8e80a5903faabbe43865930c2bc267 SHA512 8b1975594f47e49f6d245a99e64e59a3eebf916b9e7e8626e5b1487275688e3dd84691e99ed2207698724dc82d75c54176eb88b9104e847d1cd7db7ead89a391
diff --git a/www-servers/nginx/nginx-1.13.11.ebuild b/www-servers/nginx/nginx-1.13.11.ebuild
new file mode 100644
index 00000000000..bd7a770f74a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.11.ebuild
@@ -0,0 +1,1064 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="6a1174446f5a866d3d13615dd2824177570f0a69"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-04-10 19:29 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-04-10 19:29 UTC (permalink / raw
To: gentoo-commits
commit: 305c7a1680ede160675aee74f83c0448dd28b433
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 10 19:28:48 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 10 19:29:13 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=305c7a16
www-servers/nginx: Bump to v1.13.12 mainline
Package-Manager: Portage-2.3.28, Repoman-2.3.9
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.13.12.ebuild | 1064 ++++++++++++++++++++++++++++++++
2 files changed, 1065 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9f16c9426ed..83a8156c93b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
DIST nginx-1.13.10.tar.gz 1014863 BLAKE2B 63034dbcddabef7512aef64c9a0ac88a25d154194b122a48298d72dfb91f40dbbd49f96b9416baec0973fc5c6f7dff1b4b71e835b6ee72a8175da760caf3f69d SHA512 33c894e00a13703db4195bc4a1f8fd512af165d8793ba00a7bf25e0e410136c8b4a94b14a81885be5fa2625626c810802282162c6d7a4f1f251a5ffccab218b3
DIST nginx-1.13.11.tar.gz 1016189 BLAKE2B e6a42f5558a2cfdf15964a419b768a211436fe69c4f77bbce96ce279fe46ad481a69b35eb573907334b7b164dd9a9e43ce1f84a620a325b71d8901878075ea9f SHA512 ae80317b143d3140eaf3b32c2ac1af4f491ec683b849a9565cd1c23d8d9769f23a2d4db346dea017a555da3e2bd7fa39d2710a287193abc5e2853cbb9dc21e63
+DIST nginx-1.13.12.tar.gz 1016311 BLAKE2B 8b56e1e13c2598181153b9fe5f5a9ac6349ba1d6c98cfca708cb7ae1d3b6eec92df0132091107bc20c0ae1bec15020957c820f9414890151b4b1830f00af2d40 SHA512 c61668d4999d43ccd5ed8e99bd2f6992190503bb3c4103a22871e346feb8cbd049b04416ca7eb982c122a9a29bb21c6bb9f934411dd80bc02d946105f7917873
DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
diff --git a/www-servers/nginx/nginx-1.13.12.ebuild b/www-servers/nginx/nginx-1.13.12.ebuild
new file mode 100644
index 00000000000..bd7a770f74a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.12.ebuild
@@ -0,0 +1,1064 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="6a1174446f5a866d3d13615dd2824177570f0a69"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-04-17 16:37 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-04-17 16:37 UTC (permalink / raw
To: gentoo-commits
commit: 32eee023c07eba04089cf2303857d515be688d5e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 16:30:03 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 16:36:56 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32eee023
www-servers/nginx: Bump to v1.14.0 stable
Based on v1.13.12-r1 mainline. See v1.13.x commits for
changes.
Package-Manager: Portage-2.3.28, Repoman-2.3.9
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.14.0.ebuild | 1064 +++++++++++++++++++++++++++++++++
2 files changed, 1065 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e183788cbf1..4eea681330f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,6 +5,7 @@ DIST nginx-1.13.11.tar.gz 1016189 BLAKE2B e6a42f5558a2cfdf15964a419b768a211436fe
DIST nginx-1.13.12.tar.gz 1016311 BLAKE2B 8b56e1e13c2598181153b9fe5f5a9ac6349ba1d6c98cfca708cb7ae1d3b6eec92df0132091107bc20c0ae1bec15020957c820f9414890151b4b1830f00af2d40 SHA512 c61668d4999d43ccd5ed8e99bd2f6992190503bb3c4103a22871e346feb8cbd049b04416ca7eb982c122a9a29bb21c6bb9f934411dd80bc02d946105f7917873
DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
+DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.14.0.ebuild b/www-servers/nginx/nginx-1.14.0.ebuild
new file mode 100644
index 00000000000..f4739e7cf1d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.0.ebuild
@@ -0,0 +1,1064 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-04-17 17:24 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-04-17 17:24 UTC (permalink / raw
To: gentoo-commits
commit: 071d7cdce4c3fa8f54762b54da941c76bc39bd14
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 17:23:48 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 17:24:26 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=071d7cdc
www-servers/nginx: Fix self block
Package-Manager: Portage-2.3.28, Repoman-2.3.9
www-servers/nginx/nginx-1.14.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.0.ebuild b/www-servers/nginx/nginx-1.14.0.ebuild
index f4739e7cf1d..6c27d427217 100644
--- a/www-servers/nginx/nginx-1.14.0.ebuild
+++ b/www-servers/nginx/nginx-1.14.0.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
+ !www-servers/nginx:mainline"
DEPEND="${CDEPEND}
nginx_modules_http_brotli? ( virtual/pkgconfig )
nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-06-21 14:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-06-21 14:04 UTC (permalink / raw
To: gentoo-commits
commit: 50f82e63d1edbb108d6ced5080f325a521d6bae8
Author: Tomas Mozes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Tue Jun 19 10:19:17 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jun 21 14:04:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50f82e63
www-servers/nginx: drop old
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/nginx/nginx-1.15.0.ebuild | 1070 ---------------------------------
1 file changed, 1070 deletions(-)
diff --git a/www-servers/nginx/nginx-1.15.0.ebuild b/www-servers/nginx/nginx-1.15.0.ebuild
deleted file mode 100644
index 7d5c01213da..00000000000
--- a/www-servers/nginx/nginx-1.15.0.ebuild
+++ /dev/null
@@ -1,1070 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.16"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- cd "${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-06-22 10:37 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-06-22 10:37 UTC (permalink / raw
To: gentoo-commits
commit: 1b83d2c4a1acd5b9926bf6899447001e95bb3410
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 22 10:05:00 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 10:36:48 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b83d2c4
www-servers/nginx: Update URL to use HTTPS
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/nginx/metadata.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 8315c7922c7..3eb0471b477 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -21,7 +21,7 @@
<flag name="rtmp">NGINX-based Media Streaming Server</flag>
</use>
<upstream>
- <changelog>http://nginx.org/en/CHANGES</changelog>
+ <changelog>https://nginx.org/en/CHANGES</changelog>
<remote-id type="github">openresty/memc-nginx-module</remote-id>
<remote-id type="bitbucket">nginx-goodies/nginx-sticky-module-ng</remote-id>
</upstream>
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-06-22 10:37 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-06-22 10:37 UTC (permalink / raw
To: gentoo-commits
commit: 8c0aeb860d0f7c3af255abb9705bdfab7c8247d5
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 22 10:35:31 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 10:36:50 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c0aeb86
www-servers/nginx: rev bump
- stable slot synchronized with changes from mainline slot:
- This will add geoip2 support (introduced via commit c020ffdab8)
- Bump some 3rd party modules (see commit 9484e13a for details)
- HTTP VHost Traffic Status module bumped to v0.1.17
- nginScript module bumped to v0.2.2 [Bug 658736]
- brotli module bumped to v0.1.2
Bug: https://bugs.gentoo.org/658736
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/nginx/Manifest | 5 ++--
...{nginx-1.14.0.ebuild => nginx-1.14.0-r1.ebuild} | 33 ++++++++++++++++------
...inx-1.15.0-r1.ebuild => nginx-1.15.0-r2.ebuild} | 16 ++++-------
3 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e6adcc68326..6b64157a4ab 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,6 +6,7 @@ DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
+DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
DIST ngx_brotli-37ab9b2933a0b756ba3447000b7f31d432ed8228.tar.gz 12692 BLAKE2B 8b969fcd7daf37d790e81ff6dd4d43a210c9097052cc7a2db9f2aa8ad3115ffe175b0839210c234610e5731be35327eb08eb0eb3f28783d272b172df07259651 SHA512 fb12e4b50b9a472ee2f4fe08ffd86c38072a4c254a4f99627d6f2411f915c139f6e7cfe41f29222bc70b57942cde85d8ef2cd5458638201c751cd4c818d65f10
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
@@ -27,7 +28,7 @@ DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a00833
DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
DIST ngx_http_vhost_traffic_status-0.1.15-gentoo.tar.gz 371234 BLAKE2B 6c164d8c5ee4f3a6729989d9ab2ba874dd5dc285f5c52baf50b05880f184d1ef779f320efa36db8228ab15a8885e972664aee2b1d367279edbf840e41a4c8108 SHA512 63bb0d576fb896526e13fd624eb61b0562756d9aef9124be3d4e845312885838b96d93a4233b15e1b0449714c9689ef1e88b680f23f5d9c909b31026d8c13d08
-DIST ngx_http_vhost_traffic_status-0.1.16.tar.gz 371717 BLAKE2B 0f29f721ca38788343de52c7462efcfe846161ed8dc8433979a1189ad2d11f6917c552a58113de1306ad657d8cb62a22d0a94c053801c2e4becdbcd2f16f1552 SHA512 a85f17bff4e47d6e4e45b9493d759d493a3b4564c76ce7c526ff9afe99d4bd7191cecf17c3bad2bd19cdf5dfa4c4eba21baff8bdbf08550485ee4956963f9e73
+DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
@@ -35,4 +36,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.0.tar.gz 251246 BLAKE2B 76c0be4a98d5782df8d9ecb4b5a6a463a77fd59078f5d25a3763ea5e8633906966fc0a34c98dd9dca2dcc1f54994b0f47d8e80a5903faabbe43865930c2bc267 SHA512 8b1975594f47e49f6d245a99e64e59a3eebf916b9e7e8626e5b1487275688e3dd84691e99ed2207698724dc82d75c54176eb88b9104e847d1cd7db7ead89a391
-DIST njs-0.2.1.tar.gz 252791 BLAKE2B a8507c016cef8481c456e675bd4972a018a049933e5ba2d03027f0c871c264d6848d25a9a715fa4e7920b63bfe86470b4f835790296dba6227aad16b80e5a849 SHA512 b924be63b3d8a996dfd5dd120a3103619c52a9193ca442a21f85f2d5e0a30690fa67401125e775cdf2127f659a61e34b8defe63f7fd33e318cca2a7f99c44154
+DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
diff --git a/www-servers/nginx/nginx-1.14.0.ebuild b/www-servers/nginx/nginx-1.14.0-r1.ebuild
similarity index 97%
rename from www-servers/nginx/nginx-1.14.0.ebuild
rename to www-servers/nginx/nginx-1.14.0-r1.ebuild
index 6c27d427217..d680f978495 100644
--- a/www-servers/nginx/nginx-1.14.0.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r1.ebuild
@@ -23,9 +23,9 @@ DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KI
DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_PV="0.1.2"
HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
@@ -59,7 +59,7 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_PV="0.10.13"
HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
@@ -83,9 +83,9 @@ HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HT
HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
@@ -138,7 +138,7 @@ HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/ar
HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_PV="0.19"
HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
@@ -149,8 +149,14 @@ HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.0"
+NJS_MODULE_PV="0.2.2"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -172,6 +178,7 @@ SRC_URI="https://nginx.org/download/${P}.tar.gz
nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
@@ -186,6 +193,7 @@ SRC_URI="https://nginx.org/download/${P}.tar.gz
nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
@@ -219,6 +227,7 @@ NGINX_MODULES_3RD="
http_dav_ext
http_echo
http_fancyindex
+ http_geoip2
http_headers_more
http_javascript
http_lua
@@ -233,6 +242,7 @@ NGINX_MODULES_3RD="
http_upload_progress
http_upstream_check
http_vhost_traffic_status
+ stream_geoip2
stream_javascript
"
@@ -286,6 +296,7 @@ CDEPEND="
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
nginx_modules_http_gunzip? ( sys-libs/zlib )
nginx_modules_http_gzip? ( sys-libs/zlib )
nginx_modules_http_gzip_static? ( sys-libs/zlib )
@@ -575,6 +586,10 @@ src_configure() {
myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
fi
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
fi
@@ -611,7 +626,7 @@ src_configure() {
fi
done
- if use nginx_modules_stream_javascript; then
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
stream_enabled=1
fi
@@ -838,7 +853,7 @@ pkg_postinst() {
if use nginx_modules_http_lua && use http2; then
ewarn ""
ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
fi
local _n_permission_layout_checks=0
diff --git a/www-servers/nginx/nginx-1.15.0-r1.ebuild b/www-servers/nginx/nginx-1.15.0-r2.ebuild
similarity index 98%
rename from www-servers/nginx/nginx-1.15.0-r1.ebuild
rename to www-servers/nginx/nginx-1.15.0-r2.ebuild
index 7283c4caddd..5c4536292af 100644
--- a/www-servers/nginx/nginx-1.15.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.15.0-r2.ebuild
@@ -23,9 +23,9 @@ DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KI
DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_PV="0.1.2"
HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
@@ -83,7 +83,7 @@ HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HT
HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.16"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.1"
+NJS_MODULE_PV="0.2.2"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -415,12 +415,6 @@ src_prepare() {
cd "${S}" || die
fi
- if use nginx_modules_http_vhost_traffic_status; then
- cd "${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
- cd "${S}" || die
- fi
-
find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
# We have config protection, don't rename etc files
sed -i 's:.default::' auto/install || die
@@ -859,7 +853,7 @@ pkg_postinst() {
if use nginx_modules_http_lua && use http2; then
ewarn ""
ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
fi
local _n_permission_layout_checks=0
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-03 15:56 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-03 15:56 UTC (permalink / raw
To: gentoo-commits
commit: 91cef7605d8d9002b5430c365f46e3adf9823819
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 3 15:56:34 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 3 15:56:34 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91cef760
www-servers/nginx: bump to v1.15.1 mainline
- HTTP Fancy Index module bumpe to v0.4.3
- HTTP VHost Traffic Status module bumped to v0.1.18
- HTTP NAXSI module bumped to v0.56
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/nginx/Manifest | 4 +
www-servers/nginx/nginx-1.15.1.ebuild | 1079 +++++++++++++++++++++++++++++++++
2 files changed, 1083 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 613d35ccc7a..42ec7cd0f6c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
+DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -12,12 +13,14 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
+DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
+DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
@@ -25,6 +28,7 @@ DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a00833
DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
+DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
diff --git a/www-servers/nginx/nginx-1.15.1.ebuild b/www-servers/nginx/nginx-1.15.1.ebuild
new file mode 100644
index 00000000000..4d922841b29
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.1.ebuild
@@ -0,0 +1,1079 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-03 16:01 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-03 16:01 UTC (permalink / raw
To: gentoo-commits
commit: 56b9da6fdd8c262569f0f502498c8251137abc6f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 3 15:59:48 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 3 15:59:48 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56b9da6f
www-servers/nginx: rev bump to bump 3rd party modules
- HTTP Fancy Index module bumpe to v0.4.3
- HTTP VHost Traffic Status module bumped to v0.1.18
- HTTP NAXSI module bumped to v0.56
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../nginx/{nginx-1.14.0-r1.ebuild => nginx-1.14.0-r2.ebuild} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/nginx-1.14.0-r1.ebuild b/www-servers/nginx/nginx-1.14.0-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.0-r1.ebuild
rename to www-servers/nginx/nginx-1.14.0-r2.ebuild
index d680f978495..7ff15247d15 100644
--- a/www-servers/nginx/nginx-1.14.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r2.ebuild
@@ -53,7 +53,7 @@ HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${H
HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
@@ -83,13 +83,13 @@ HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HT
HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_PV="0.56"
HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-04 3:17 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-04 3:17 UTC (permalink / raw
To: gentoo-commits
commit: 8cf811287d24ae826093d327defff22e11dcf9cb
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 4 03:13:02 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul 4 03:13:02 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8cf81128
www-servers/nginx: x86 stable (bug #660254)
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/nginx/nginx-1.14.0-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.0-r2.ebuild b/www-servers/nginx/nginx-1.14.0-r2.ebuild
index 7ff15247d15..e5f31a751e8 100644
--- a/www-servers/nginx/nginx-1.14.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r2.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-09 0:26 Mikle Kolyada
0 siblings, 0 replies; 277+ messages in thread
From: Mikle Kolyada @ 2018-07-09 0:26 UTC (permalink / raw
To: gentoo-commits
commit: 6605352002baeffac513142ea274935bccb191bf
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 9 00:25:37 2018 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Mon Jul 9 00:25:37 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66053520
www-servers/nginx: amd64 stable wrt bug #660254
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/nginx/nginx-1.14.0-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.0-r2.ebuild b/www-servers/nginx/nginx-1.14.0-r2.ebuild
index e5f31a751e8..a4c3f22ec71 100644
--- a/www-servers/nginx/nginx-1.14.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r2.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-20 19:44 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-20 19:44 UTC (permalink / raw
To: gentoo-commits
commit: 736ff5f15457d4127770eb388908683a1600ae96
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 19:43:34 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 19:44:08 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=736ff5f1
www-servers/nginx: drop old
Package-Manager: Portage-2.3.43, Repoman-2.3.10
www-servers/nginx/Manifest | 12 -
www-servers/nginx/nginx-1.12.2-r1.ebuild | 1005 ----------------------------
www-servers/nginx/nginx-1.15.0-r2.ebuild | 1079 ------------------------------
3 files changed, 2096 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 42ec7cd0f6c..83bf18b4d20 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,10 +1,7 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
-DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
-DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
-DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
@@ -12,27 +9,18 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f60
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
-DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
-DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
-DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
-DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
-DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
-DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
-DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
-DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
-DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
deleted file mode 100644
index 40d650b17fe..00000000000
--- a/www-servers/nginx/nginx-1.12.2-r1.ebuild
+++ /dev/null
@@ -1,1005 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo gzip limit_req limit_conn map memcached proxy referer
- rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
- upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_upload_progress
- http_headers_more
- http_cache_purge
- http_slowfs_cache
- http_fancyindex
- http_lua
- http_auth_pam
- http_upstream_check
- http_metrics
- http_naxsi
- http_dav_ext
- http_echo
- http_security
- http_push_stream
- http_sticky
- http_mogilefs
- http_memc
- http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_upstream_check; then
- #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.0-r2.ebuild b/www-servers/nginx/nginx-1.15.0-r2.ebuild
deleted file mode 100644
index 5c4536292af..00000000000
--- a/www-servers/nginx/nginx-1.15.0-r2.ebuild
+++ /dev/null
@@ -1,1079 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-20 19:44 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-20 19:44 UTC (permalink / raw
To: gentoo-commits
commit: 0faf2544464e203ea2fd80a14c45cff6f7d8cea5
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 19:41:45 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 19:44:06 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0faf2544
www-servers/nginx: rev bump to fix missing deps for geoip modules
Closes: https://bugs.gentoo.org/661498
Package-Manager: Portage-2.3.43, Repoman-2.3.10
RepoMan-Options: --force
www-servers/nginx/{nginx-1.14.0-r2.ebuild => nginx-1.14.0-r3.ebuild} | 4 +++-
www-servers/nginx/{nginx-1.15.1.ebuild => nginx-1.15.1-r1.ebuild} | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.14.0-r2.ebuild b/www-servers/nginx/nginx-1.14.0-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.0-r2.ebuild
rename to www-servers/nginx/nginx-1.14.0-r3.ebuild
index a4c3f22ec71..9332cae2dbb 100644
--- a/www-servers/nginx/nginx-1.14.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r3.ebuild
@@ -321,7 +321,9 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
!www-servers/nginx:mainline"
diff --git a/www-servers/nginx/nginx-1.15.1.ebuild b/www-servers/nginx/nginx-1.15.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.15.1.ebuild
rename to www-servers/nginx/nginx-1.15.1-r1.ebuild
index 4d922841b29..addae4eea24 100644
--- a/www-servers/nginx/nginx-1.15.1.ebuild
+++ b/www-servers/nginx/nginx-1.15.1-r1.ebuild
@@ -321,7 +321,9 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
!www-servers/nginx:0"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-24 18:16 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-24 18:16 UTC (permalink / raw
To: gentoo-commits
commit: 4f58900abb31400d6ab0c97461dd01fa8d0389bd
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 24 18:15:37 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 24 18:15:56 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f58900a
www-servers/nginx: bump to v1.15.2 mainline
- HTTP VHost Traffic Status module bumped to commit 46d85558e344
Package-Manager: Portage-2.3.43, Repoman-2.3.10
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.15.2.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1083 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 83bf18b4d20..31358801c55 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
+DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
@@ -19,6 +20,7 @@ DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46
DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
+DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
diff --git a/www-servers/nginx/nginx-1.15.2.ebuild b/www-servers/nginx/nginx-1.15.2.ebuild
new file mode 100644
index 00000000000..166f5cc1086
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.2.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-07-31 20:43 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-07-31 20:43 UTC (permalink / raw
To: gentoo-commits
commit: fe0bae189dcc562ff934b8623812fc0ea4790b7a
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 31 20:42:43 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 31 20:42:43 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe0bae18
www-servers/nginx: rev bump to bump 3rd party modules
- nginScript module bumped to v0.2.3
Package-Manager: Portage-2.3.44, Repoman-2.3.10
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.2-r1.ebuild | 1081 ++++++++++++++++++++++++++++++
2 files changed, 1082 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 31358801c55..58bdee5c0ef 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
+DIST njs-0.2.3.tar.gz 269695 BLAKE2B 10d5f4ad41b382da8e87ac15ea46db0107e532db68bc3103c27ee0122f9e24fbf61ffdf472baa0ce9c69080abeaf71651d5097acc2a57257099c8e82148ed366 SHA512 0032bc0cb021ca2305164e39a71f7814a4a385cc6079057a53daebe1cd42e78dc6a6d35c7652c38805e8ceb30201333aacce819245a638b8a3779e6f74a2b7a6
diff --git a/www-servers/nginx/nginx-1.15.2-r1.ebuild b/www-servers/nginx/nginx-1.15.2-r1.ebuild
new file mode 100644
index 00000000000..32888e842f4
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.2-r1.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-08-28 16:02 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-08-28 16:02 UTC (permalink / raw
To: gentoo-commits
commit: ce61ab77b289b99f6668084046ae37f59b061fda
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 28 16:01:47 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 28 16:02:12 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce61ab77
www-servers/nginx: bump to v1.15.3 mainline
Package-Manager: Portage-2.3.48, Repoman-2.3.10
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.3.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1082 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 58bdee5c0ef..1f11ed84fd6 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
+DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
diff --git a/www-servers/nginx/nginx-1.15.3.ebuild b/www-servers/nginx/nginx-1.15.3.ebuild
new file mode 100644
index 00000000000..32888e842f4
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.3.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-09-25 15:44 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-09-25 15:44 UTC (permalink / raw
To: gentoo-commits
commit: e90f59378818c65da9ca0136eac931ebdb5c6221
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 25 15:44:21 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Sep 25 15:44:45 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e90f5937
www-servers/nginx: bump to v1.15.4 mainline
- nginScript module bumped to v0.2.4
Package-Manager: Portage-2.3.50, Repoman-2.3.11
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.15.4.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1083 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1f11ed84fd6..60d883a7f69 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab
DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
+DIST nginx-1.15.4.tar.gz 1024694 BLAKE2B e43f04a39f1c4fb42e1f896475341010e7ce5f50653e96dd5c7f71f403a5f4d1641db719f8557b1368338b67d1929032958736eab48b8e08e5ecef5f5dd7ef24 SHA512 9aa20aa2a23b4fac859858f22d09bb1bee74e1d7450e4a9ea8486014078006d8937f5440684d98fa0bb23feec464ec57129da6a70659fff31d9f2ac370684ac8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
@@ -28,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
DIST njs-0.2.3.tar.gz 269695 BLAKE2B 10d5f4ad41b382da8e87ac15ea46db0107e532db68bc3103c27ee0122f9e24fbf61ffdf472baa0ce9c69080abeaf71651d5097acc2a57257099c8e82148ed366 SHA512 0032bc0cb021ca2305164e39a71f7814a4a385cc6079057a53daebe1cd42e78dc6a6d35c7652c38805e8ceb30201333aacce819245a638b8a3779e6f74a2b7a6
+DIST njs-0.2.4.tar.gz 275322 BLAKE2B 78fefb19fcad23295526935c86416b03b53d16f33fde98dea60afe634d5a7dbcf617593ead8d360581b845572625c22325b43d4227128481a04ca5bf8f839724 SHA512 3d8be3442fa90f966c51e3950d75b11f5b5f6c03babe841d5af5c95f1546ce972193840fe19beb70461031c4895425a14faf012d5e755917d703017e9dbf886a
diff --git a/www-servers/nginx/nginx-1.15.4.ebuild b/www-servers/nginx/nginx-1.15.4.ebuild
new file mode 100644
index 00000000000..1ea681b2bcf
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.4.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-10-02 16:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-10-02 16:04 UTC (permalink / raw
To: gentoo-commits
commit: 89adf39fcefbc10946cb26aff4d3df2a870f99e3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 2 16:03:21 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 2 16:04:19 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89adf39f
www-servers/nginx: bump to v1.15.5 mainline
Package-Manager: Portage-2.3.50, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.5.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1082 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 60d883a7f69..2eab1655c94 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae7
DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
DIST nginx-1.15.4.tar.gz 1024694 BLAKE2B e43f04a39f1c4fb42e1f896475341010e7ce5f50653e96dd5c7f71f403a5f4d1641db719f8557b1368338b67d1929032958736eab48b8e08e5ecef5f5dd7ef24 SHA512 9aa20aa2a23b4fac859858f22d09bb1bee74e1d7450e4a9ea8486014078006d8937f5440684d98fa0bb23feec464ec57129da6a70659fff31d9f2ac370684ac8
+DIST nginx-1.15.5.tar.gz 1024791 BLAKE2B 713373b908c40c5cf676cec7698807a7de0a3ba81e8215b00896f178f2369bdbd01318c688276cf9fea8b9274be75eab0fbf403ac629ca730198eccf363ec92f SHA512 90b3d8148fca183bd3f6d16fd9212e2eedbe13f151c079d67086fca5a9f58256b99a87b4444ee18b1f9fb2b65fbe2d5353985145e1c075b6236b31d0ce7e9051
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
diff --git a/www-servers/nginx/nginx-1.15.5.ebuild b/www-servers/nginx/nginx-1.15.5.ebuild
new file mode 100644
index 00000000000..1ea681b2bcf
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.5.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-10-02 16:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-10-02 16:04 UTC (permalink / raw
To: gentoo-commits
commit: 2e2b74317ae763483d7f2f1f79206f528aaefea5
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 2 16:04:08 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 2 16:04:20 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e2b7431
www-servers/nginx: drop old
Package-Manager: Portage-2.3.50, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.15.4.ebuild | 1081 ---------------------------------
2 files changed, 1082 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2eab1655c94..f2a16b9dd49 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,7 +3,6 @@ DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab
DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
-DIST nginx-1.15.4.tar.gz 1024694 BLAKE2B e43f04a39f1c4fb42e1f896475341010e7ce5f50653e96dd5c7f71f403a5f4d1641db719f8557b1368338b67d1929032958736eab48b8e08e5ecef5f5dd7ef24 SHA512 9aa20aa2a23b4fac859858f22d09bb1bee74e1d7450e4a9ea8486014078006d8937f5440684d98fa0bb23feec464ec57129da6a70659fff31d9f2ac370684ac8
DIST nginx-1.15.5.tar.gz 1024791 BLAKE2B 713373b908c40c5cf676cec7698807a7de0a3ba81e8215b00896f178f2369bdbd01318c688276cf9fea8b9274be75eab0fbf403ac629ca730198eccf363ec92f SHA512 90b3d8148fca183bd3f6d16fd9212e2eedbe13f151c079d67086fca5a9f58256b99a87b4444ee18b1f9fb2b65fbe2d5353985145e1c075b6236b31d0ce7e9051
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.15.4.ebuild b/www-servers/nginx/nginx-1.15.4.ebuild
deleted file mode 100644
index 1ea681b2bcf..00000000000
--- a/www-servers/nginx/nginx-1.15.4.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-11-06 16:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-11-06 16:04 UTC (permalink / raw
To: gentoo-commits
commit: 931ea67612c9eb3f435cdf42b3401181e40e6bce
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 6 16:03:49 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 6 16:04:06 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=931ea676
www-servers/nginx: bump to v1.14.1 stable
- nginScript module bumped to v0.2.5
- HTTP VHost Traffic Status module bumped to commit 46d85558e344dfe
- brotli module bumped to commit 8104036af9cff
Bug: https://bugs.gentoo.org/670496
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.14.1.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1082 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c582c0046ec..18698b286ab 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
+DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
new file mode 100644
index 00000000000..f0f5b608214
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.1.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.5"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-11-06 21:33 Mikle Kolyada
0 siblings, 0 replies; 277+ messages in thread
From: Mikle Kolyada @ 2018-11-06 21:33 UTC (permalink / raw
To: gentoo-commits
commit: d5acf55b3d4820c7c5cfd1a5a5d85f98bdae9d54
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 6 21:33:39 2018 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Nov 6 21:33:39 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5acf55b
www-servers/nginx: amd64 stable wrt bug #670496
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
www-servers/nginx/nginx-1.14.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
index f0f5b608214..887c4c34c9c 100644
--- a/www-servers/nginx/nginx-1.14.1.ebuild
+++ b/www-servers/nginx/nginx-1.14.1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-11-07 23:44 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-11-07 23:44 UTC (permalink / raw
To: gentoo-commits
commit: 2420dc618ff0fe1a1425be3cdbf4a70eb1c91a4c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 7 23:38:10 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 7 23:38:10 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2420dc61
www-servers/nginx: x86 stable (bug #670496)
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.14.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
index 887c4c34c9c..ba2b07dc015 100644
--- a/www-servers/nginx/nginx-1.14.1.ebuild
+++ b/www-servers/nginx/nginx-1.14.1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-11-27 15:27 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-11-27 15:27 UTC (permalink / raw
To: gentoo-commits
commit: 4987c82a4edaf3d053f0f4b9e835616f4b82f5b9
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 27 15:27:50 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 27 15:27:50 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4987c82a
www-servers/nginx: bump to v1.15.7 mainline
- nginScript module bumped to v0.2.6
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.15.7.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1083 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 28370aeb02d..c251134f4e5 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
+DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -24,3 +25,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
+DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455
diff --git a/www-servers/nginx/nginx-1.15.7.ebuild b/www-servers/nginx/nginx-1.15.7.ebuild
new file mode 100644
index 00000000000..e873f4b5416
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.7.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-12-07 16:11 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-12-07 16:11 UTC (permalink / raw
To: gentoo-commits
commit: 800ba5f5b14da892ecb6e34c231e584c1c48fb1e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 7 16:11:02 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Dec 7 16:11:27 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=800ba5f5
www-servers/nginx: bump to v1.14.2 stable
- nginScript module bumped to v0.2.6
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.14.2.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1082 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c251134f4e5..74c20892a90 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
+DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
diff --git a/www-servers/nginx/nginx-1.14.2.ebuild b/www-servers/nginx/nginx-1.14.2.ebuild
new file mode 100644
index 00000000000..66b09925f1e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.2.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-12-25 15:13 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-12-25 15:13 UTC (permalink / raw
To: gentoo-commits
commit: 31f18ecda24ad306440f306f55702fe216fd7a81
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 25 15:13:03 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 25 15:13:03 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31f18ecd
www-servers/nginx: bump to v1.15.8 mainline
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.8.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 74c20892a90..d49d6e4ecd3 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
+DIST nginx-1.15.8.tar.gz 1027862 BLAKE2B 6330a4fe4ccd4f1def7e086ac1028515323d011dab5609af6a12b548795da14a1fa6b6ab180eef1b1f4085fa5d52f60bda984dd1145e0d9152db14d0335b5304 SHA512 4509f0a0adf189bbdfa068adb120d0c26e594283b84c75f7df256b46e505aab5adda50b845abbbe07ab36f54c5ebefac4660fa315546856fb5114067e70394d3
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.15.8.ebuild b/www-servers/nginx/nginx-1.15.8.ebuild
new file mode 100644
index 00000000000..6fbcd2eaad4
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.8.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ if use luajit; then
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ else
+ export LUA_LIB=$(pkg-config --variable libdir lua)
+ export LUA_INC=$(pkg-config --variable includedir lua)
+ fi
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2018-12-25 16:07 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2018-12-25 16:07 UTC (permalink / raw
To: gentoo-commits
commit: 76a26541f9b6f7237a9cd9ef18d9f0fca1f6723e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 25 16:03:37 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 25 16:06:59 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76a26541
www-servers/nginx: rev bump to bump 3rd party modules
- nginScript module bumped to v0.2.7
- HTTP WebDAV module bumped to v3.0.0
- HTTP ModSecurity module bumped to v2.9.3
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 3 +++
.../nginx/{nginx-1.15.8.ebuild => nginx-1.14.2-r2.ebuild} | 14 +++++++-------
.../nginx/{nginx-1.15.8.ebuild => nginx-1.15.8-r1.ebuild} | 10 +++++-----
3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index d49d6e4ecd3..fe38043850b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,4 +1,5 @@
DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
+DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
@@ -11,6 +12,7 @@ DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
+DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
@@ -28,3 +30,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455
+DIST njs-0.2.7.tar.gz 287458 BLAKE2B 7c8e1bc2bdf7bd9fb01c27cd734cfcd8184e73d98e49e0a9a4a57dd07b8c5bd84c06af76d9c87876ee963658efbf27a2795b0baf114bc80d22aa2e0f2019508b SHA512 4e148905c098cbb902743d71bfd78360a68eeff4477240faa3f05f33fc66d68964d90d010e8f406d1eb9b34e01a15dc23e5cef1b91207f0c4ca0371373d4d5c9
diff --git a/www-servers/nginx/nginx-1.15.8.ebuild b/www-servers/nginx/nginx-1.14.2-r2.ebuild
similarity index 99%
copy from www-servers/nginx/nginx-1.15.8.ebuild
copy to www-servers/nginx/nginx-1.14.2-r2.ebuild
index 6fbcd2eaad4..aecbc46ff6f 100644
--- a/www-servers/nginx/nginx-1.15.8.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r2.ebuild
@@ -101,7 +101,7 @@ RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODUL
RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
@@ -114,7 +114,7 @@ HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_PV="2.9.3"
HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
+NJS_MODULE_PV="0.2.7"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -201,7 +201,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_security? ( Apache-2.0 )
nginx_modules_http_push_stream? ( GPL-3 )"
-SLOT="mainline"
+SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
@@ -313,7 +313,7 @@ CDEPEND="
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
nginx_modules_http_security? (
dev-libs/apr:=
dev-libs/apr-util:=
@@ -326,7 +326,7 @@ CDEPEND="
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
+ !www-servers/nginx:mainline"
DEPEND="${CDEPEND}
nginx_modules_http_brotli? ( virtual/pkgconfig )
nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
@@ -812,7 +812,7 @@ src_install() {
if use nginx_modules_http_security; then
docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
fi
if use nginx_modules_http_push_stream; then
diff --git a/www-servers/nginx/nginx-1.15.8.ebuild b/www-servers/nginx/nginx-1.15.8-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.15.8.ebuild
rename to www-servers/nginx/nginx-1.15.8-r1.ebuild
index 6fbcd2eaad4..7a4dcf18e15 100644
--- a/www-servers/nginx/nginx-1.15.8.ebuild
+++ b/www-servers/nginx/nginx-1.15.8-r1.ebuild
@@ -101,7 +101,7 @@ RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODUL
RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
@@ -114,7 +114,7 @@ HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_PV="2.9.3"
HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
+NJS_MODULE_PV="0.2.7"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -313,7 +313,7 @@ CDEPEND="
nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
nginx_modules_http_auth_pam? ( virtual/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
nginx_modules_http_security? (
dev-libs/apr:=
dev-libs/apr-util:=
@@ -812,7 +812,7 @@ src_install() {
if use nginx_modules_http_security; then
docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
fi
if use nginx_modules_http_push_stream; then
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-02-26 19:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-02-26 19:04 UTC (permalink / raw
To: gentoo-commits
commit: 1b638a3a7990f381a54414ecc5a6fd334b06a00c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 19:01:50 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 19:03:55 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b638a3a
www-servers/nginx: rev bump to bump 3rd party modules
- nginScript module bumped to v0.2.9
- HTTP LUA module bumped to v0.10.14; The new module requires
USE=luajit [Link 1]
Link 1: https://github.com/openresty/lua-nginx-module/commit/7286812116940216344ade33722c49ae47037605
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.14.2-r3.ebuild | 1085 ++++++++++++++++++++++++++++++
1 file changed, 1085 insertions(+)
diff --git a/www-servers/nginx/nginx-1.14.2-r3.ebuild b/www-servers/nginx/nginx-1.14.2-r3.ebuild
new file mode 100644
index 00000000000..146f0900861
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.2-r3.ebuild
@@ -0,0 +1,1085 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-02-26 19:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-02-26 19:04 UTC (permalink / raw
To: gentoo-commits
commit: 6ef7a2b29362321b2e2c35b1d56e8921b75f5d4e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 19:02:47 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 19:03:56 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ef7a2b2
www-servers/nginx: amd64 & x86 stable
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.14.2-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.2-r3.ebuild b/www-servers/nginx/nginx-1.14.2-r3.ebuild
index 146f0900861..c7c8f616f3a 100644
--- a/www-servers/nginx/nginx-1.14.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r3.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-02-26 19:04 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-02-26 19:04 UTC (permalink / raw
To: gentoo-commits
commit: 8d3f825f4c0e8837f3f36bc8b974f2ce01726c1d
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 19:03:43 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 19:03:57 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d3f825f
www-servers/nginx: drop old
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 10 -
www-servers/nginx/nginx-1.14.1.ebuild | 1081 -----------------------------
www-servers/nginx/nginx-1.14.2-r1.ebuild | 1087 ------------------------------
www-servers/nginx/nginx-1.14.2-r2.ebuild | 1087 ------------------------------
www-servers/nginx/nginx-1.15.6.ebuild | 1081 -----------------------------
www-servers/nginx/nginx-1.15.7-r1.ebuild | 1087 ------------------------------
www-servers/nginx/nginx-1.15.8-r1.ebuild | 1087 ------------------------------
7 files changed, 6520 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b7303ac6757..02b3cd98366 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,10 +1,5 @@
-DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
-DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
-DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
-DIST nginx-1.15.8.tar.gz 1027862 BLAKE2B 6330a4fe4ccd4f1def7e086ac1028515323d011dab5609af6a12b548795da14a1fa6b6ab180eef1b1f4085fa5d52f60bda984dd1145e0d9152db14d0335b5304 SHA512 4509f0a0adf189bbdfa068adb120d0c26e594283b84c75f7df256b46e505aab5adda50b845abbbe07ab36f54c5ebefac4660fa315546856fb5114067e70394d3
DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -12,13 +7,11 @@ DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
-DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
-DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
@@ -30,7 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
-DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455
-DIST njs-0.2.7.tar.gz 287458 BLAKE2B 7c8e1bc2bdf7bd9fb01c27cd734cfcd8184e73d98e49e0a9a4a57dd07b8c5bd84c06af76d9c87876ee963658efbf27a2795b0baf114bc80d22aa2e0f2019508b SHA512 4e148905c098cbb902743d71bfd78360a68eeff4477240faa3f05f33fc66d68964d90d010e8f406d1eb9b34e01a15dc23e5cef1b91207f0c4ca0371373d4d5c9
DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
deleted file mode 100644
index ba2b07dc015..00000000000
--- a/www-servers/nginx/nginx-1.14.1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.14.2-r1.ebuild b/www-servers/nginx/nginx-1.14.2-r1.ebuild
deleted file mode 100644
index 08100e45578..00000000000
--- a/www-servers/nginx/nginx-1.14.2-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.14.2-r2.ebuild b/www-servers/nginx/nginx-1.14.2-r2.ebuild
deleted file mode 100644
index aecbc46ff6f..00000000000
--- a/www-servers/nginx/nginx-1.14.2-r2.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.6.ebuild b/www-servers/nginx/nginx-1.15.6.ebuild
deleted file mode 100644
index 0c5b2a38c67..00000000000
--- a/www-servers/nginx/nginx-1.15.6.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.7-r1.ebuild b/www-servers/nginx/nginx-1.15.7-r1.ebuild
deleted file mode 100644
index 6fbcd2eaad4..00000000000
--- a/www-servers/nginx/nginx-1.15.7-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/expat )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.8-r1.ebuild b/www-servers/nginx/nginx-1.15.8-r1.ebuild
deleted file mode 100644
index 7a4dcf18e15..00000000000
--- a/www-servers/nginx/nginx-1.15.8-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? ( nginx_modules_http_rewrite )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- if use luajit; then
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- else
- export LUA_LIB=$(pkg-config --variable libdir lua)
- export LUA_INC=$(pkg-config --variable includedir lua)
- fi
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-03-26 14:46 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-03-26 14:46 UTC (permalink / raw
To: gentoo-commits
commit: e915ed35a03e129e96a1e5b464226391b4bf968f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 26 14:46:00 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 26 14:46:11 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e915ed35
www-servers/nginx: bump to v1.15.10
- nginScript module bumped to v0.3.0
- GeoIP2 module bumped to v3.2
Closes: https://github.com/gentoo/gentoo/pull/11439
Closes: https://bugs.gentoo.org/681038
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.15.10.ebuild | 1085 ++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 02b3cd98366..5f712acefbe 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
+DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -11,6 +12,7 @@ DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa5
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
+DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
@@ -24,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
+DIST njs-0.3.0.tar.gz 307613 BLAKE2B 3385fc9a102791bdca093d3e49869b64fbf29c1ee7c4fbabf26461e1e57dea5844afb94ecb427aab50682f57b18f732db0acaa4575df375295510c046ae09c75 SHA512 9dfbe3adb00f8b7181b13a3b6192326ab8979bc43106075faf271fcfc28fc2e90a3716a2fbcd44edde5c466f2be906e22ae763d948e141b052a28110c1eca13a
diff --git a/www-servers/nginx/nginx-1.15.10.ebuild b/www-servers/nginx/nginx-1.15.10.ebuild
new file mode 100644
index 00000000000..530a35c1e9e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.10.ebuild
@@ -0,0 +1,1085 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-04-13 3:48 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-04-13 3:48 UTC (permalink / raw
To: gentoo-commits
commit: 8ba4103ce81eb35df012550409f681cbbae1c9d0
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 13 03:46:33 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 13 03:46:33 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ba4103c
www-servers/nginx: bump to v1.15.11 mainline
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.11.ebuild | 1089 ++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5f712acefbe..0d74a7ce8a0 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
+DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.15.11.ebuild b/www-servers/nginx/nginx-1.15.11.ebuild
new file mode 100644
index 00000000000..fa8c6508592
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.11.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-04-13 3:48 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-04-13 3:48 UTC (permalink / raw
To: gentoo-commits
commit: fca566ef8b92459424c1ce6d9157726773992ed3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 13 03:48:45 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 13 03:48:45 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fca566ef
www-servers/nginx: add pax-mark for USE=pax-mark
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
.../nginx/{nginx-1.14.2-r3.ebuild => nginx-1.14.2-r4.ebuild} | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.14.2-r3.ebuild b/www-servers/nginx/nginx-1.14.2-r4.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.2-r3.ebuild
rename to www-servers/nginx/nginx-1.14.2-r4.ebuild
index c7c8f616f3a..dde537f4fa2 100644
--- a/www-servers/nginx/nginx-1.14.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r4.ebuild
@@ -165,7 +165,7 @@ NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
SSL_DEPS_SKIP=1
AUTOTOOLS_AUTO_DEPEND="no"
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
HOMEPAGE="https://nginx.org"
@@ -751,6 +751,10 @@ src_install() {
insinto /etc/logrotate.d
newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
if use nginx_modules_http_perl; then
cd "${S}"/objs/src/http/modules/perl/ || die
emake DESTDIR="${D}" INSTALLDIRS=vendor
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-04-16 15:50 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-04-16 15:50 UTC (permalink / raw
To: gentoo-commits
commit: 191ab59ed2c626408fcb7810f514064311d417f1
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 16 15:45:07 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 16 15:50:19 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=191ab59e
www-servers/nginx: bump to v1.15.12 mainline
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.12.ebuild | 1089 ++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 0d74a7ce8a0..5f6dd8d7add 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
+DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.15.12.ebuild b/www-servers/nginx/nginx-1.15.12.ebuild
new file mode 100644
index 00000000000..fa8c6508592
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.12.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-04-24 22:27 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-04-24 22:27 UTC (permalink / raw
To: gentoo-commits
commit: 610dd2271b52aa8fef414e12d352ea7a9045ddd7
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 21:55:07 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:01:56 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=610dd227
www-servers/nginx: rev bump
- nginScript module bumped to v0.3.1
Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.15.12-r1.ebuild | 1089 +++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5f6dd8d7add..c2767dbc5be 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
DIST njs-0.3.0.tar.gz 307613 BLAKE2B 3385fc9a102791bdca093d3e49869b64fbf29c1ee7c4fbabf26461e1e57dea5844afb94ecb427aab50682f57b18f732db0acaa4575df375295510c046ae09c75 SHA512 9dfbe3adb00f8b7181b13a3b6192326ab8979bc43106075faf271fcfc28fc2e90a3716a2fbcd44edde5c466f2be906e22ae763d948e141b052a28110c1eca13a
+DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d
diff --git a/www-servers/nginx/nginx-1.15.12-r1.ebuild b/www-servers/nginx/nginx-1.15.12-r1.ebuild
new file mode 100644
index 00000000000..1ef25b42141
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.12-r1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-04-24 22:27 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-04-24 22:27 UTC (permalink / raw
To: gentoo-commits
commit: a1f423ebdfe119cd4cb938c089a0510aa7bfaa0e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 21:57:32 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:01:58 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1f423eb
www-servers/nginx: bump to v1.16.0 stable
Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.16.0.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c2767dbc5be..2b248105640 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfea
DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
+DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.16.0.ebuild b/www-servers/nginx/nginx-1.16.0.ebuild
new file mode 100644
index 00000000000..1b4b842834f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.16.0.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-04-24 22:27 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-04-24 22:27 UTC (permalink / raw
To: gentoo-commits
commit: 75619dc24683e634fa7c57aa84ae22e521d5c8fc
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 21:58:32 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:01:59 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75619dc2
www-servers/nginx: drop old
Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 4 -
www-servers/nginx/nginx-1.15.10.ebuild | 1085 -------------------------------
www-servers/nginx/nginx-1.15.11.ebuild | 1089 --------------------------------
www-servers/nginx/nginx-1.15.12.ebuild | 1089 --------------------------------
www-servers/nginx/nginx-1.15.9.ebuild | 1085 -------------------------------
5 files changed, 4352 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2b248105640..67eb1b6ceb8 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,9 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
-DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
-DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
-DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -29,5 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
-DIST njs-0.3.0.tar.gz 307613 BLAKE2B 3385fc9a102791bdca093d3e49869b64fbf29c1ee7c4fbabf26461e1e57dea5844afb94ecb427aab50682f57b18f732db0acaa4575df375295510c046ae09c75 SHA512 9dfbe3adb00f8b7181b13a3b6192326ab8979bc43106075faf271fcfc28fc2e90a3716a2fbcd44edde5c466f2be906e22ae763d948e141b052a28110c1eca13a
DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d
diff --git a/www-servers/nginx/nginx-1.15.10.ebuild b/www-servers/nginx/nginx-1.15.10.ebuild
deleted file mode 100644
index 530a35c1e9e..00000000000
--- a/www-servers/nginx/nginx-1.15.10.ebuild
+++ /dev/null
@@ -1,1085 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.11.ebuild b/www-servers/nginx/nginx-1.15.11.ebuild
deleted file mode 100644
index fa8c6508592..00000000000
--- a/www-servers/nginx/nginx-1.15.11.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.12.ebuild b/www-servers/nginx/nginx-1.15.12.ebuild
deleted file mode 100644
index fa8c6508592..00000000000
--- a/www-servers/nginx/nginx-1.15.12.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.9.ebuild b/www-servers/nginx/nginx-1.15.9.ebuild
deleted file mode 100644
index 0358257509e..00000000000
--- a/www-servers/nginx/nginx-1.15.9.ebuild
+++ /dev/null
@@ -1,1085 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-05-21 15:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-05-21 15:12 UTC (permalink / raw
To: gentoo-commits
commit: 795099eac16f7bfad6c836e6c514c3efca5b2425
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:07:41 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:55 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=795099ea
www-servers/nginx: bump to v1.17.0 mainline
- nginScript module bumped to v0.3.2
- HTTP LUA module bumped to v0.10.15
Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.17.0.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1092 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 67eb1b6ceb8..c49095dcccb 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
+DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -15,6 +16,7 @@ DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d
DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
+DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
@@ -27,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d
+DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
diff --git a/www-servers/nginx/nginx-1.17.0.ebuild b/www-servers/nginx/nginx-1.17.0.ebuild
new file mode 100644
index 00000000000..2985eb0886b
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.0.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-05-21 15:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-05-21 15:12 UTC (permalink / raw
To: gentoo-commits
commit: 39515d7bd653357aa676db7ecec780ee41082772
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:11:12 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:57 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39515d7b
www-servers/nginx: amd64 & x86 stable
Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.16.0-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.16.0-r1.ebuild b/www-servers/nginx/nginx-1.16.0-r1.ebuild
index 5ff5af84a7e..75a7cb6a7bb 100644
--- a/www-servers/nginx/nginx-1.16.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.16.0-r1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-05-21 15:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-05-21 15:12 UTC (permalink / raw
To: gentoo-commits
commit: 6db7bd5b06933cb95f1c57f5c97d18ca3006d8ba
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:09:25 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:56 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6db7bd5b
www-servers/nginx: rev bump to bump 3rd party modules
- nginScript module bumped to v0.3.2
- HTTP LUA module bumped to v0.10.15
Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.16.0-r1.ebuild | 1089 ++++++++++++++++++++++++++++++
1 file changed, 1089 insertions(+)
diff --git a/www-servers/nginx/nginx-1.16.0-r1.ebuild b/www-servers/nginx/nginx-1.16.0-r1.ebuild
new file mode 100644
index 00000000000..5ff5af84a7e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.16.0-r1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-05-21 15:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-05-21 15:12 UTC (permalink / raw
To: gentoo-commits
commit: 5fdf3186cecdd5096f4da7cf89951db6956561b9
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:11:46 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:58 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fdf3186
www-servers/nginx: security cleanup
Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 6 -
www-servers/nginx/nginx-1.14.2-r4.ebuild | 1089 -----------------------------
www-servers/nginx/nginx-1.15.12-r1.ebuild | 1089 -----------------------------
www-servers/nginx/nginx-1.16.0.ebuild | 1089 -----------------------------
4 files changed, 3273 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c49095dcccb..4b2d4b0b803 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,4 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
-DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
@@ -12,10 +10,8 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
-DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
-DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
@@ -27,6 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
-DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d
DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
diff --git a/www-servers/nginx/nginx-1.14.2-r4.ebuild b/www-servers/nginx/nginx-1.14.2-r4.ebuild
deleted file mode 100644
index dde537f4fa2..00000000000
--- a/www-servers/nginx/nginx-1.14.2-r4.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.15.12-r1.ebuild b/www-servers/nginx/nginx-1.15.12-r1.ebuild
deleted file mode 100644
index 1ef25b42141..00000000000
--- a/www-servers/nginx/nginx-1.15.12-r1.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.16.0.ebuild b/www-servers/nginx/nginx-1.16.0.ebuild
deleted file mode 100644
index 1b4b842834f..00000000000
--- a/www-servers/nginx/nginx-1.16.0.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-06-25 13:29 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-06-25 13:29 UTC (permalink / raw
To: gentoo-commits
commit: b15e19a967e5b45884d922965a184a593d49edc8
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 25 13:20:40 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 25 13:28:18 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b15e19a9
www-servers/nginx: bump to v1.17.1 mainline
- nginScript module bumped to v0.3.3
Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.17.1.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1091 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 4b2d4b0b803..1990f65d43a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
+DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -24,3 +25,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
+DIST njs-0.3.3.tar.gz 333026 BLAKE2B 0ccf8978fefd2f70a615fc3f8bc583754c81201aea2ebae2d451c8cc379d510a7ed91d432c86d261656a20c444b3032b93d4fa7bff90f3dc6cbd023f2cf82228 SHA512 c84cb5aed0abfc54843249e18f21d193927d92213bdff2744d0a96d6fd3131c89284c7822f6d4d456ba809931b220d891939b4a1c6e0d07ddad67d9e4437ddf5
diff --git a/www-servers/nginx/nginx-1.17.1.ebuild b/www-servers/nginx/nginx-1.17.1.ebuild
new file mode 100644
index 00000000000..57e48d2bc60
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-07-23 21:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-07-23 21:12 UTC (permalink / raw
To: gentoo-commits
commit: 168f9e0515e1a13b96a61d5b7c3e430fe92b06b5
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 23 20:51:51 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 23 21:12:26 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=168f9e05
www-servers/nginx: bump to v1.17.2 mainline
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.17.2.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1990f65d43a..f9d947d8bf7 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
+DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.17.2.ebuild b/www-servers/nginx/nginx-1.17.2.ebuild
new file mode 100644
index 00000000000..57e48d2bc60
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.2.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-08-13 20:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-08-13 20:12 UTC (permalink / raw
To: gentoo-commits
commit: a80f81afa3fb1995ae109876afd4c7e815c8233a
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 13 18:46:32 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 13 20:12:21 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a80f81af
www-servers/nginx: bump to v1.17.3 mainline
- ngx_devel_kit bumped to v0.3.1
- nginScript module bumped to v0.3.4
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.17.3.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1092 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f9d947d8bf7..0ca8213e853 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,10 +3,12 @@ DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06
DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
+DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
+DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
@@ -27,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
DIST njs-0.3.3.tar.gz 333026 BLAKE2B 0ccf8978fefd2f70a615fc3f8bc583754c81201aea2ebae2d451c8cc379d510a7ed91d432c86d261656a20c444b3032b93d4fa7bff90f3dc6cbd023f2cf82228 SHA512 c84cb5aed0abfc54843249e18f21d193927d92213bdff2744d0a96d6fd3131c89284c7822f6d4d456ba809931b220d891939b4a1c6e0d07ddad67d9e4437ddf5
+DIST njs-0.3.4.tar.gz 338783 BLAKE2B a68e0f85b9a2ac792ed33ccfb4d801b8f64272cd11e0174a9ed1f27a1dee609721fc8ff86f2844584a6aa583fda84a729baecf104e80e852776525d05b6f3c47 SHA512 bf0100d62c89a2594c95e803c06a375bcfcc65e337b0b0e43906abef6020070ec95a7eff24837b14c139f9a568b099847a7942a3f4012a3d9abaffdc12915385
diff --git a/www-servers/nginx/nginx-1.17.3.ebuild b/www-servers/nginx/nginx-1.17.3.ebuild
new file mode 100644
index 00000000000..62d74e6fb71
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.3.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-08-13 20:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-08-13 20:12 UTC (permalink / raw
To: gentoo-commits
commit: dc336e7a9dba4b1789e12715ff5f6a30cb9ff128
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 13 18:49:53 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 13 20:12:22 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc336e7a
www-servers/nginx: bump to v1.16.1 stable
- ngx_devel_kit bumped to v0.3.1
- nginScript module bumped to v0.3.4
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.16.1.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 0ca8213e853..36eb160861a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
+DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
diff --git a/www-servers/nginx/nginx-1.16.1.ebuild b/www-servers/nginx/nginx-1.16.1.ebuild
new file mode 100644
index 00000000000..51d2b491ee6
--- /dev/null
+++ b/www-servers/nginx/nginx-1.16.1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-08-13 20:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-08-13 20:12 UTC (permalink / raw
To: gentoo-commits
commit: c6f1f854fe4f075c800dce37eb4ac1e4315a9dd2
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 13 20:09:14 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 13 20:12:23 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6f1f854
www-servers/nginx: amd64 & x86 stable
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.16.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.16.1.ebuild b/www-servers/nginx/nginx-1.16.1.ebuild
index 51d2b491ee6..167b600534e 100644
--- a/www-servers/nginx/nginx-1.16.1.ebuild
+++ b/www-servers/nginx/nginx-1.16.1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-08-13 20:12 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-08-13 20:12 UTC (permalink / raw
To: gentoo-commits
commit: 7b4720c48a142776f4448d6dbfc0c55a10116442
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 13 20:12:06 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 13 20:12:24 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b4720c4
www-servers/nginx: security cleanup
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 7 -
www-servers/nginx/nginx-1.16.0-r1.ebuild | 1089 ------------------------------
www-servers/nginx/nginx-1.17.0.ebuild | 1089 ------------------------------
www-servers/nginx/nginx-1.17.1.ebuild | 1089 ------------------------------
www-servers/nginx/nginx-1.17.2.ebuild | 1089 ------------------------------
5 files changed, 4363 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 36eb160861a..d3e48d2187c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,14 +1,9 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
-DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
-DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
-DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
-DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
@@ -28,6 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
-DIST njs-0.3.3.tar.gz 333026 BLAKE2B 0ccf8978fefd2f70a615fc3f8bc583754c81201aea2ebae2d451c8cc379d510a7ed91d432c86d261656a20c444b3032b93d4fa7bff90f3dc6cbd023f2cf82228 SHA512 c84cb5aed0abfc54843249e18f21d193927d92213bdff2744d0a96d6fd3131c89284c7822f6d4d456ba809931b220d891939b4a1c6e0d07ddad67d9e4437ddf5
DIST njs-0.3.4.tar.gz 338783 BLAKE2B a68e0f85b9a2ac792ed33ccfb4d801b8f64272cd11e0174a9ed1f27a1dee609721fc8ff86f2844584a6aa583fda84a729baecf104e80e852776525d05b6f3c47 SHA512 bf0100d62c89a2594c95e803c06a375bcfcc65e337b0b0e43906abef6020070ec95a7eff24837b14c139f9a568b099847a7942a3f4012a3d9abaffdc12915385
diff --git a/www-servers/nginx/nginx-1.16.0-r1.ebuild b/www-servers/nginx/nginx-1.16.0-r1.ebuild
deleted file mode 100644
index 75a7cb6a7bb..00000000000
--- a/www-servers/nginx/nginx-1.16.0-r1.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.0.ebuild b/www-servers/nginx/nginx-1.17.0.ebuild
deleted file mode 100644
index 2985eb0886b..00000000000
--- a/www-servers/nginx/nginx-1.17.0.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.1.ebuild b/www-servers/nginx/nginx-1.17.1.ebuild
deleted file mode 100644
index 57e48d2bc60..00000000000
--- a/www-servers/nginx/nginx-1.17.1.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.2.ebuild b/www-servers/nginx/nginx-1.17.2.ebuild
deleted file mode 100644
index 57e48d2bc60..00000000000
--- a/www-servers/nginx/nginx-1.17.2.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-08-15 17:10 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-08-15 17:10 UTC (permalink / raw
To: gentoo-commits
commit: 17a63a2d11a470afa4a9ddd2fbbcae602e7d36df
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 15 17:09:47 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Aug 15 17:10:30 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17a63a2d
www-servers/nginx: update njs add-on
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.16.1.ebuild => nginx-1.16.1-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.17.3.ebuild => nginx-1.17.3-r1.ebuild} | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index d3e48d2187c..12a40a50607 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -23,4 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.3.4.tar.gz 338783 BLAKE2B a68e0f85b9a2ac792ed33ccfb4d801b8f64272cd11e0174a9ed1f27a1dee609721fc8ff86f2844584a6aa583fda84a729baecf104e80e852776525d05b6f3c47 SHA512 bf0100d62c89a2594c95e803c06a375bcfcc65e337b0b0e43906abef6020070ec95a7eff24837b14c139f9a568b099847a7942a3f4012a3d9abaffdc12915385
+DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
diff --git a/www-servers/nginx/nginx-1.16.1.ebuild b/www-servers/nginx/nginx-1.16.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.16.1.ebuild
rename to www-servers/nginx/nginx-1.16.1-r1.ebuild
index 167b600534e..545fb998058 100644
--- a/www-servers/nginx/nginx-1.16.1.ebuild
+++ b/www-servers/nginx/nginx-1.16.1-r1.ebuild
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.4"
+NJS_MODULE_PV="0.3.5"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
diff --git a/www-servers/nginx/nginx-1.17.3.ebuild b/www-servers/nginx/nginx-1.17.3-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.17.3.ebuild
rename to www-servers/nginx/nginx-1.17.3-r1.ebuild
index 62d74e6fb71..fdcbac0c5c8 100644
--- a/www-servers/nginx/nginx-1.17.3.ebuild
+++ b/www-servers/nginx/nginx-1.17.3-r1.ebuild
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.4"
+NJS_MODULE_PV="0.3.5"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-09-24 15:30 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-09-24 15:30 UTC (permalink / raw
To: gentoo-commits
commit: 69adb6acb3fe3146be2690d95f315f99939b5e85
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 24 15:25:50 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Sep 24 15:30:46 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69adb6ac
www-servers/nginx: bump v1.17.4
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.17.4.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 12a40a50607..76d8739273e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
+DIST nginx-1.17.4.tar.gz 1034845 BLAKE2B 59e32fc4a625ec91696d3c18beb270ab2980f3a33a2952e8f43ce24e5a6a7fecff774ee20b1377dbfc0cee58651c78bb6d2cd2505f32a96966a200dce9569267 SHA512 fb7275c47d2416b597415f736771f8f4f3cdbba33728d9ca8ddb56b8266076a5ec5e63c735215a8d022f685b67d663fdaaac0c95db465a82f79f01d502feaa82
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.17.4.ebuild b/www-servers/nginx/nginx-1.17.4.ebuild
new file mode 100644
index 00000000000..fdcbac0c5c8
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.4.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.5"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-10-12 18:14 Mikle Kolyada
0 siblings, 0 replies; 277+ messages in thread
From: Mikle Kolyada @ 2019-10-12 18:14 UTC (permalink / raw
To: gentoo-commits
commit: d485c3ad8e8aaedc6ae0c5d93c02f15191fdc435
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 12 18:14:09 2019 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Oct 12 18:14:09 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d485c3ad
www-servers/nginx: migrate to sys-libs/pam
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
www-servers/nginx/nginx-1.16.1-r1.ebuild | 2 +-
www-servers/nginx/nginx-1.17.3-r1.ebuild | 2 +-
www-servers/nginx/nginx-1.17.4.ebuild | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/nginx-1.16.1-r1.ebuild b/www-servers/nginx/nginx-1.16.1-r1.ebuild
index 72b6b79cad3..fcb191046b1 100644
--- a/www-servers/nginx/nginx-1.16.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.16.1-r1.ebuild
@@ -311,7 +311,7 @@ CDEPEND="
)
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
nginx_modules_http_security? (
diff --git a/www-servers/nginx/nginx-1.17.3-r1.ebuild b/www-servers/nginx/nginx-1.17.3-r1.ebuild
index 079bde41071..e855a007bab 100644
--- a/www-servers/nginx/nginx-1.17.3-r1.ebuild
+++ b/www-servers/nginx/nginx-1.17.3-r1.ebuild
@@ -311,7 +311,7 @@ CDEPEND="
)
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
nginx_modules_http_security? (
diff --git a/www-servers/nginx/nginx-1.17.4.ebuild b/www-servers/nginx/nginx-1.17.4.ebuild
index 079bde41071..e855a007bab 100644
--- a/www-servers/nginx/nginx-1.17.4.ebuild
+++ b/www-servers/nginx/nginx-1.17.4.ebuild
@@ -311,7 +311,7 @@ CDEPEND="
)
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( virtual/pam )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
nginx_modules_http_security? (
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-10-22 21:01 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-10-22 21:01 UTC (permalink / raw
To: gentoo-commits
commit: d4ac1899ecceeb2265acabcd05fed86f903ffa90
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 22 20:57:52 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 22 21:01:01 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4ac1899
www-servers/nginx: bump to v1.17.5
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.17.5.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1091 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 76d8739273e..6771cdf6392 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
DIST nginx-1.17.4.tar.gz 1034845 BLAKE2B 59e32fc4a625ec91696d3c18beb270ab2980f3a33a2952e8f43ce24e5a6a7fecff774ee20b1377dbfc0cee58651c78bb6d2cd2505f32a96966a200dce9569267 SHA512 fb7275c47d2416b597415f736771f8f4f3cdbba33728d9ca8ddb56b8266076a5ec5e63c735215a8d022f685b67d663fdaaac0c95db465a82f79f01d502feaa82
+DIST nginx-1.17.5.tar.gz 1036056 BLAKE2B 7f5c804651011a28d0d6e166a13e082f74173c0e447a88f013fa505e32994f65c159d755c473fa50eb7dc293c554961da23e61b1d59a429985ca6fc82fe69145 SHA512 b6799ddce7135646aa1f0b4405bcdab41d5065fbadcdeeb875f6fae4953159aa57b9104afe815748b0aab0e4d532e7771ccce487d7c4519e423d110f3715da7c
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -25,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
+DIST njs-0.3.6.tar.gz 354475 BLAKE2B a2f3be7c83dd46bb8a7300460b580e053eaa78f2bcc835dd7b586457f045ea63eaa591873041648e3aa3aefce1d47a999b52667adfccadf0439066bfbff73673 SHA512 1973824bb434e9640626c132dac932da7615b534486ab76081a075be4f4e9fdf75a9a400c0d504750a5da341cebb20e6357710149e6de66ac8df8ee4cb1576bb
diff --git a/www-servers/nginx/nginx-1.17.5.ebuild b/www-servers/nginx/nginx-1.17.5.ebuild
new file mode 100644
index 00000000000..881ff630472
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.5.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-11-19 14:45 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-11-19 14:45 UTC (permalink / raw
To: gentoo-commits
commit: b4df56638c786b88731fd3f6dc7c52ecf14b3615
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 19 14:38:57 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 19 14:45:09 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4df5663
www-servers/nginx: bump to v1.17.6 mainline
- nginScript module bumped to v0.3.7
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.17.6.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1091 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6771cdf6392..4f8f32e5098 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7e
DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
DIST nginx-1.17.4.tar.gz 1034845 BLAKE2B 59e32fc4a625ec91696d3c18beb270ab2980f3a33a2952e8f43ce24e5a6a7fecff774ee20b1377dbfc0cee58651c78bb6d2cd2505f32a96966a200dce9569267 SHA512 fb7275c47d2416b597415f736771f8f4f3cdbba33728d9ca8ddb56b8266076a5ec5e63c735215a8d022f685b67d663fdaaac0c95db465a82f79f01d502feaa82
DIST nginx-1.17.5.tar.gz 1036056 BLAKE2B 7f5c804651011a28d0d6e166a13e082f74173c0e447a88f013fa505e32994f65c159d755c473fa50eb7dc293c554961da23e61b1d59a429985ca6fc82fe69145 SHA512 b6799ddce7135646aa1f0b4405bcdab41d5065fbadcdeeb875f6fae4953159aa57b9104afe815748b0aab0e4d532e7771ccce487d7c4519e423d110f3715da7c
+DIST nginx-1.17.6.tar.gz 1037527 BLAKE2B b642ed0f6a072949d4eefc0676f51bd20b599d621c6d65b9567b2aebee680e2129987040eb1e3e4b8e1ff5e8ff3d215bc61e1ba3a8fe4255968ba5ad7715ffd6 SHA512 8ad6c3d066bf51f3fde3454bb93f2eeab0412d1c10eac0841fd50ec25b0f1204c85f15cb950c6bbe128c0ff72efe5b0bb804b5d66a8bf6234e0e4776aa67b9eb
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -27,3 +28,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
DIST njs-0.3.6.tar.gz 354475 BLAKE2B a2f3be7c83dd46bb8a7300460b580e053eaa78f2bcc835dd7b586457f045ea63eaa591873041648e3aa3aefce1d47a999b52667adfccadf0439066bfbff73673 SHA512 1973824bb434e9640626c132dac932da7615b534486ab76081a075be4f4e9fdf75a9a400c0d504750a5da341cebb20e6357710149e6de66ac8df8ee4cb1576bb
+DIST njs-0.3.7.tar.gz 360227 BLAKE2B b23e5105e3b9a0575e4da6a6e344983c2fed2081cdf0be9209fc86cd51c6e962ec5d855945d2c6972153de048dfead866686b2248b28660b41219a8e05fa939a SHA512 1975c38fab59a587045e1c6bebd527a4432c4e6bec5a62cb2e1bc5fef19275deffdb6c6558caa3f0dcc58716b702adc0eb89b0171acf5f70f275c593b16f4bfb
diff --git a/www-servers/nginx/nginx-1.17.6.ebuild b/www-servers/nginx/nginx-1.17.6.ebuild
new file mode 100644
index 00000000000..9b7d6b814db
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.6.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.7"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-12-24 15:20 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-12-24 15:20 UTC (permalink / raw
To: gentoo-commits
commit: ea41908b2e3a1a5c8ded85006bd41363ac24366c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 24 15:19:34 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 24 15:19:55 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea41908b
www-servers/nginx: bump to v1.17.7
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.17.7.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 4f8f32e5098..87e5e504a38 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695
DIST nginx-1.17.4.tar.gz 1034845 BLAKE2B 59e32fc4a625ec91696d3c18beb270ab2980f3a33a2952e8f43ce24e5a6a7fecff774ee20b1377dbfc0cee58651c78bb6d2cd2505f32a96966a200dce9569267 SHA512 fb7275c47d2416b597415f736771f8f4f3cdbba33728d9ca8ddb56b8266076a5ec5e63c735215a8d022f685b67d663fdaaac0c95db465a82f79f01d502feaa82
DIST nginx-1.17.5.tar.gz 1036056 BLAKE2B 7f5c804651011a28d0d6e166a13e082f74173c0e447a88f013fa505e32994f65c159d755c473fa50eb7dc293c554961da23e61b1d59a429985ca6fc82fe69145 SHA512 b6799ddce7135646aa1f0b4405bcdab41d5065fbadcdeeb875f6fae4953159aa57b9104afe815748b0aab0e4d532e7771ccce487d7c4519e423d110f3715da7c
DIST nginx-1.17.6.tar.gz 1037527 BLAKE2B b642ed0f6a072949d4eefc0676f51bd20b599d621c6d65b9567b2aebee680e2129987040eb1e3e4b8e1ff5e8ff3d215bc61e1ba3a8fe4255968ba5ad7715ffd6 SHA512 8ad6c3d066bf51f3fde3454bb93f2eeab0412d1c10eac0841fd50ec25b0f1204c85f15cb950c6bbe128c0ff72efe5b0bb804b5d66a8bf6234e0e4776aa67b9eb
+DIST nginx-1.17.7.tar.gz 1037747 BLAKE2B 066e20ae233f7e649868c77c80d03e55b5b35dc099aff9026a68479a4faf0091b3f8c9afa66fbbe4a0bb378d1211f103cd222b16e7262880b0bb313bbcada404 SHA512 e7132b90ac92e91def9b927c3b8c3a603d1bcb4a89ff422b284fb6e6cac52a74b33d9c7bbfc2f78467914d8ccd1cf2db9c486559abb739600605439521ff4f6b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.17.7.ebuild b/www-servers/nginx/nginx-1.17.7.ebuild
new file mode 100644
index 00000000000..9b7d6b814db
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.7.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.7"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2019-12-31 3:19 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2019-12-31 3:19 UTC (permalink / raw
To: gentoo-commits
commit: 3a13764246668fb339da5f9445d4640284dc3d5b
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 31 03:19:15 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 31 03:19:15 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a137642
www-servers/nginx: drop old
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 5 -
www-servers/nginx/nginx-1.17.3-r1.ebuild | 1089 ------------------------------
www-servers/nginx/nginx-1.17.4.ebuild | 1089 ------------------------------
www-servers/nginx/nginx-1.17.5.ebuild | 1089 ------------------------------
www-servers/nginx/nginx-1.17.6.ebuild | 1089 ------------------------------
5 files changed, 4361 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 87e5e504a38..055f4299fc7 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,9 +1,5 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
-DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
-DIST nginx-1.17.4.tar.gz 1034845 BLAKE2B 59e32fc4a625ec91696d3c18beb270ab2980f3a33a2952e8f43ce24e5a6a7fecff774ee20b1377dbfc0cee58651c78bb6d2cd2505f32a96966a200dce9569267 SHA512 fb7275c47d2416b597415f736771f8f4f3cdbba33728d9ca8ddb56b8266076a5ec5e63c735215a8d022f685b67d663fdaaac0c95db465a82f79f01d502feaa82
-DIST nginx-1.17.5.tar.gz 1036056 BLAKE2B 7f5c804651011a28d0d6e166a13e082f74173c0e447a88f013fa505e32994f65c159d755c473fa50eb7dc293c554961da23e61b1d59a429985ca6fc82fe69145 SHA512 b6799ddce7135646aa1f0b4405bcdab41d5065fbadcdeeb875f6fae4953159aa57b9104afe815748b0aab0e4d532e7771ccce487d7c4519e423d110f3715da7c
-DIST nginx-1.17.6.tar.gz 1037527 BLAKE2B b642ed0f6a072949d4eefc0676f51bd20b599d621c6d65b9567b2aebee680e2129987040eb1e3e4b8e1ff5e8ff3d215bc61e1ba3a8fe4255968ba5ad7715ffd6 SHA512 8ad6c3d066bf51f3fde3454bb93f2eeab0412d1c10eac0841fd50ec25b0f1204c85f15cb950c6bbe128c0ff72efe5b0bb804b5d66a8bf6234e0e4776aa67b9eb
DIST nginx-1.17.7.tar.gz 1037747 BLAKE2B 066e20ae233f7e649868c77c80d03e55b5b35dc099aff9026a68479a4faf0091b3f8c9afa66fbbe4a0bb378d1211f103cd222b16e7262880b0bb313bbcada404 SHA512 e7132b90ac92e91def9b927c3b8c3a603d1bcb4a89ff422b284fb6e6cac52a74b33d9c7bbfc2f78467914d8ccd1cf2db9c486559abb739600605439521ff4f6b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -28,5 +24,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
-DIST njs-0.3.6.tar.gz 354475 BLAKE2B a2f3be7c83dd46bb8a7300460b580e053eaa78f2bcc835dd7b586457f045ea63eaa591873041648e3aa3aefce1d47a999b52667adfccadf0439066bfbff73673 SHA512 1973824bb434e9640626c132dac932da7615b534486ab76081a075be4f4e9fdf75a9a400c0d504750a5da341cebb20e6357710149e6de66ac8df8ee4cb1576bb
DIST njs-0.3.7.tar.gz 360227 BLAKE2B b23e5105e3b9a0575e4da6a6e344983c2fed2081cdf0be9209fc86cd51c6e962ec5d855945d2c6972153de048dfead866686b2248b28660b41219a8e05fa939a SHA512 1975c38fab59a587045e1c6bebd527a4432c4e6bec5a62cb2e1bc5fef19275deffdb6c6558caa3f0dcc58716b702adc0eb89b0171acf5f70f275c593b16f4bfb
diff --git a/www-servers/nginx/nginx-1.17.3-r1.ebuild b/www-servers/nginx/nginx-1.17.3-r1.ebuild
deleted file mode 100644
index e855a007bab..00000000000
--- a/www-servers/nginx/nginx-1.17.3-r1.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.4.ebuild b/www-servers/nginx/nginx-1.17.4.ebuild
deleted file mode 100644
index e855a007bab..00000000000
--- a/www-servers/nginx/nginx-1.17.4.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.5.ebuild b/www-servers/nginx/nginx-1.17.5.ebuild
deleted file mode 100644
index 881ff630472..00000000000
--- a/www-servers/nginx/nginx-1.17.5.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.6"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.6.ebuild b/www-servers/nginx/nginx-1.17.6.ebuild
deleted file mode 100644
index 9b7d6b814db..00000000000
--- a/www-servers/nginx/nginx-1.17.6.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-01-22 21:49 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-01-22 21:49 UTC (permalink / raw
To: gentoo-commits
commit: 3770365d0e4912fcdc9778a9ca6cf5a165589c0c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 22 21:46:00 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 22 21:48:54 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3770365d
www-servers/nginx: bump to v1.17.8 mainline
- nginScript module bumped to v0.3.8
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.17.8.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1091 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 055f4299fc7..5c9c3381928 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.7.tar.gz 1037747 BLAKE2B 066e20ae233f7e649868c77c80d03e55b5b35dc099aff9026a68479a4faf0091b3f8c9afa66fbbe4a0bb378d1211f103cd222b16e7262880b0bb313bbcada404 SHA512 e7132b90ac92e91def9b927c3b8c3a603d1bcb4a89ff422b284fb6e6cac52a74b33d9c7bbfc2f78467914d8ccd1cf2db9c486559abb739600605439521ff4f6b
+DIST nginx-1.17.8.tar.gz 1038627 BLAKE2B 08993821fe0568099e197e621608dd1d6c525781b7d7b0cd86580a773f9848998f75b645a15aa020b609fd0487184f6e7d32c11d20a9d66dcd07f51e7efcd5b4 SHA512 f29634d48cacfb3a01f7e9c98f1ffb81d2f8dacf074b02c472d37862300d41f0471e5b6bb37cfa692af77b19281c525bb61d4648261a0617b70ff903ed89add6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -25,3 +26,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
DIST njs-0.3.7.tar.gz 360227 BLAKE2B b23e5105e3b9a0575e4da6a6e344983c2fed2081cdf0be9209fc86cd51c6e962ec5d855945d2c6972153de048dfead866686b2248b28660b41219a8e05fa939a SHA512 1975c38fab59a587045e1c6bebd527a4432c4e6bec5a62cb2e1bc5fef19275deffdb6c6558caa3f0dcc58716b702adc0eb89b0171acf5f70f275c593b16f4bfb
+DIST njs-0.3.8.tar.gz 398172 BLAKE2B 2bc76a1267c21bd691dd05ba5416e9d443d9a1d59adca07d6e370bf5b8c9a1420dc4fae2831620b26b6ea2ed16fb00c2058f569c1d60179dce83ff7cf44067c2 SHA512 7a68f5205357c64d5b4e13d72ab03b81ce5675d6f5d5643960c8e1273001828f3c1c9caab7e6b7616168f73d45c1cebb802a75ed31c22f8ca12e377ec5a4d5a5
diff --git a/www-servers/nginx/nginx-1.17.8.ebuild b/www-servers/nginx/nginx-1.17.8.ebuild
new file mode 100644
index 00000000000..fe0559cad19
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.8.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX%/}"/var/log/nginx \
+ "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-02-08 16:53 David Seifert
0 siblings, 0 replies; 277+ messages in thread
From: David Seifert @ 2020-02-08 16:53 UTC (permalink / raw
To: gentoo-commits
commit: 3292fb668f9229f7a15ba3ef30ec596bcdfd286b
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 8 16:52:53 2020 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Feb 8 16:52:53 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3292fb66
www-servers/nginx: [QA] Fix UnnecessarySlashStrip
Signed-off-by: David Seifert <soap <AT> gentoo.org>
www-servers/nginx/nginx-1.16.1-r1.ebuild | 20 ++++++++++----------
www-servers/nginx/nginx-1.17.7.ebuild | 20 ++++++++++----------
www-servers/nginx/nginx-1.17.8.ebuild | 20 ++++++++++----------
3 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/www-servers/nginx/nginx-1.16.1-r1.ebuild b/www-servers/nginx/nginx-1.16.1-r1.ebuild
index fcb191046b1..9c62c90db19 100644
--- a/www-servers/nginx/nginx-1.16.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.16.1-r1.ebuild
@@ -996,15 +996,15 @@ pkg_postinst() {
ewarn "following directories to mitigate a security bug"
ewarn "(CVE-2013-0337, bug #458726):"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
ewarn ""
ewarn "Check if this is correct for your setup before restarting nginx!"
ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
_has_to_show_permission_warning=1
fi
@@ -1013,15 +1013,15 @@ pkg_postinst() {
ewarn "The permissions on the following directory have been reset in"
ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX}/var/log/nginx"
ewarn ""
ewarn "Check if this is correct for your setup before restarting nginx!"
ewarn "Also ensure that no other log directory used by any of your"
ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
ewarn "used by nginx can be abused to escalate privileges!"
ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
fi
if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
@@ -1046,7 +1046,7 @@ pkg_postinst() {
# unmerged a affected installation on purpose in the past leaving
# /var/log/nginx on their system due to keepdir/non-empty folder
# and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
if [ $? -eq 0 ] ; then
# Cleanup -- no reason to die here!
@@ -1059,7 +1059,7 @@ pkg_postinst() {
ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
ewarn "(bug #605008) because nginx user is able to create files in"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX}/var/log/nginx"
ewarn ""
ewarn "Also ensure that no other log directory used by any of your"
ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
diff --git a/www-servers/nginx/nginx-1.17.7.ebuild b/www-servers/nginx/nginx-1.17.7.ebuild
index 9b7d6b814db..266794ff8de 100644
--- a/www-servers/nginx/nginx-1.17.7.ebuild
+++ b/www-servers/nginx/nginx-1.17.7.ebuild
@@ -996,15 +996,15 @@ pkg_postinst() {
ewarn "following directories to mitigate a security bug"
ewarn "(CVE-2013-0337, bug #458726):"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
ewarn ""
ewarn "Check if this is correct for your setup before restarting nginx!"
ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
_has_to_show_permission_warning=1
fi
@@ -1013,15 +1013,15 @@ pkg_postinst() {
ewarn "The permissions on the following directory have been reset in"
ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX}/var/log/nginx"
ewarn ""
ewarn "Check if this is correct for your setup before restarting nginx!"
ewarn "Also ensure that no other log directory used by any of your"
ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
ewarn "used by nginx can be abused to escalate privileges!"
ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
fi
if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
@@ -1046,7 +1046,7 @@ pkg_postinst() {
# unmerged a affected installation on purpose in the past leaving
# /var/log/nginx on their system due to keepdir/non-empty folder
# and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
if [ $? -eq 0 ] ; then
# Cleanup -- no reason to die here!
@@ -1059,7 +1059,7 @@ pkg_postinst() {
ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
ewarn "(bug #605008) because nginx user is able to create files in"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX}/var/log/nginx"
ewarn ""
ewarn "Also ensure that no other log directory used by any of your"
ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
diff --git a/www-servers/nginx/nginx-1.17.8.ebuild b/www-servers/nginx/nginx-1.17.8.ebuild
index fe0559cad19..e950633e242 100644
--- a/www-servers/nginx/nginx-1.17.8.ebuild
+++ b/www-servers/nginx/nginx-1.17.8.ebuild
@@ -996,15 +996,15 @@ pkg_postinst() {
ewarn "following directories to mitigate a security bug"
ewarn "(CVE-2013-0337, bug #458726):"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
- ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
ewarn ""
ewarn "Check if this is correct for your setup before restarting nginx!"
ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
chmod o-rwx \
- "${EPREFIX%/}"/var/log/nginx \
- "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
_has_to_show_permission_warning=1
fi
@@ -1013,15 +1013,15 @@ pkg_postinst() {
ewarn "The permissions on the following directory have been reset in"
ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX}/var/log/nginx"
ewarn ""
ewarn "Check if this is correct for your setup before restarting nginx!"
ewarn "Also ensure that no other log directory used by any of your"
ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
ewarn "used by nginx can be abused to escalate privileges!"
ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
fi
if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
@@ -1046,7 +1046,7 @@ pkg_postinst() {
# unmerged a affected installation on purpose in the past leaving
# /var/log/nginx on their system due to keepdir/non-empty folder
# and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
if [ $? -eq 0 ] ; then
# Cleanup -- no reason to die here!
@@ -1059,7 +1059,7 @@ pkg_postinst() {
ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
ewarn "(bug #605008) because nginx user is able to create files in"
ewarn ""
- ewarn " ${EPREFIX%/}/var/log/nginx"
+ ewarn " ${EPREFIX}/var/log/nginx"
ewarn ""
ewarn "Also ensure that no other log directory used by any of your"
ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-03-03 23:47 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-03-03 23:47 UTC (permalink / raw
To: gentoo-commits
commit: f442921b63a3a7dea16c845ee688c94bd034941f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 3 23:46:30 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 3 23:46:57 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f442921b
www-servers/nginx: bump to v1.17.9
Package-Manager: Portage-2.3.90, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.17.9.ebuild | 1089 +++++++++++++++++++++++++++++++++
2 files changed, 1091 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5c9c3381928..8b0ccf67eae 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.7.tar.gz 1037747 BLAKE2B 066e20ae233f7e649868c77c80d03e55b5b35dc099aff9026a68479a4faf0091b3f8c9afa66fbbe4a0bb378d1211f103cd222b16e7262880b0bb313bbcada404 SHA512 e7132b90ac92e91def9b927c3b8c3a603d1bcb4a89ff422b284fb6e6cac52a74b33d9c7bbfc2f78467914d8ccd1cf2db9c486559abb739600605439521ff4f6b
DIST nginx-1.17.8.tar.gz 1038627 BLAKE2B 08993821fe0568099e197e621608dd1d6c525781b7d7b0cd86580a773f9848998f75b645a15aa020b609fd0487184f6e7d32c11d20a9d66dcd07f51e7efcd5b4 SHA512 f29634d48cacfb3a01f7e9c98f1ffb81d2f8dacf074b02c472d37862300d41f0471e5b6bb37cfa692af77b19281c525bb61d4648261a0617b70ff903ed89add6
+DIST nginx-1.17.9.tar.gz 1039136 BLAKE2B bc4cb6fa93288f936ee36b86846b9eb864406799bd1cbc14b2e924e30b0490858e573100ea1e6ca506e1353c71176ebaa5e0109e3d5395e9029a41fa899c60ef SHA512 9d6af46bc575763d5d2c279451919a491bdfafb927a8c0783ccc8326a86ed66f9183c900a9844bf31dcde015f36ea6a8e0d3817b77f9b17aebae701c759fe9b6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -27,3 +28,4 @@ DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
DIST njs-0.3.7.tar.gz 360227 BLAKE2B b23e5105e3b9a0575e4da6a6e344983c2fed2081cdf0be9209fc86cd51c6e962ec5d855945d2c6972153de048dfead866686b2248b28660b41219a8e05fa939a SHA512 1975c38fab59a587045e1c6bebd527a4432c4e6bec5a62cb2e1bc5fef19275deffdb6c6558caa3f0dcc58716b702adc0eb89b0171acf5f70f275c593b16f4bfb
DIST njs-0.3.8.tar.gz 398172 BLAKE2B 2bc76a1267c21bd691dd05ba5416e9d443d9a1d59adca07d6e370bf5b8c9a1420dc4fae2831620b26b6ea2ed16fb00c2058f569c1d60179dce83ff7cf44067c2 SHA512 7a68f5205357c64d5b4e13d72ab03b81ce5675d6f5d5643960c8e1273001828f3c1c9caab7e6b7616168f73d45c1cebb802a75ed31c22f8ca12e377ec5a4d5a5
+DIST njs-0.3.9.tar.gz 412279 BLAKE2B 9e27e59e56b6d5c9d48717552aa373265c6e513e55049a94f1df25a558ef3253be89b8e7e00a3fdcaa93c66f8da8d1d654d4d279e0b4c05b769775a862dfc0a4 SHA512 a1d734db7325de3055d3034777ebfe03b1205bdb6648da45ac7f68698d32427da741a88872c8f713ec6258e79d9cfdcdb89e4429571ba3e3e723a5777024dcab
diff --git a/www-servers/nginx/nginx-1.17.9.ebuild b/www-servers/nginx/nginx-1.17.9.ebuild
new file mode 100644
index 00000000000..ab414da3e48
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.9.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.9"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${D}"usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-03-03 23:49 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-03-03 23:49 UTC (permalink / raw
To: gentoo-commits
commit: 8818ca708d662fcfa5cde0d2c17730e0a58ba05f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 3 23:48:59 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 3 23:48:59 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8818ca70
www-servers/nginx: drop old
Package-Manager: Portage-2.3.90, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 -
www-servers/nginx/nginx-1.17.7.ebuild | 1089 ---------------------------------
2 files changed, 1091 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8b0ccf67eae..346a0598427 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
-DIST nginx-1.17.7.tar.gz 1037747 BLAKE2B 066e20ae233f7e649868c77c80d03e55b5b35dc099aff9026a68479a4faf0091b3f8c9afa66fbbe4a0bb378d1211f103cd222b16e7262880b0bb313bbcada404 SHA512 e7132b90ac92e91def9b927c3b8c3a603d1bcb4a89ff422b284fb6e6cac52a74b33d9c7bbfc2f78467914d8ccd1cf2db9c486559abb739600605439521ff4f6b
DIST nginx-1.17.8.tar.gz 1038627 BLAKE2B 08993821fe0568099e197e621608dd1d6c525781b7d7b0cd86580a773f9848998f75b645a15aa020b609fd0487184f6e7d32c11d20a9d66dcd07f51e7efcd5b4 SHA512 f29634d48cacfb3a01f7e9c98f1ffb81d2f8dacf074b02c472d37862300d41f0471e5b6bb37cfa692af77b19281c525bb61d4648261a0617b70ff903ed89add6
DIST nginx-1.17.9.tar.gz 1039136 BLAKE2B bc4cb6fa93288f936ee36b86846b9eb864406799bd1cbc14b2e924e30b0490858e573100ea1e6ca506e1353c71176ebaa5e0109e3d5395e9029a41fa899c60ef SHA512 9d6af46bc575763d5d2c279451919a491bdfafb927a8c0783ccc8326a86ed66f9183c900a9844bf31dcde015f36ea6a8e0d3817b77f9b17aebae701c759fe9b6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
@@ -26,6 +25,5 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
-DIST njs-0.3.7.tar.gz 360227 BLAKE2B b23e5105e3b9a0575e4da6a6e344983c2fed2081cdf0be9209fc86cd51c6e962ec5d855945d2c6972153de048dfead866686b2248b28660b41219a8e05fa939a SHA512 1975c38fab59a587045e1c6bebd527a4432c4e6bec5a62cb2e1bc5fef19275deffdb6c6558caa3f0dcc58716b702adc0eb89b0171acf5f70f275c593b16f4bfb
DIST njs-0.3.8.tar.gz 398172 BLAKE2B 2bc76a1267c21bd691dd05ba5416e9d443d9a1d59adca07d6e370bf5b8c9a1420dc4fae2831620b26b6ea2ed16fb00c2058f569c1d60179dce83ff7cf44067c2 SHA512 7a68f5205357c64d5b4e13d72ab03b81ce5675d6f5d5643960c8e1273001828f3c1c9caab7e6b7616168f73d45c1cebb802a75ed31c22f8ca12e377ec5a4d5a5
DIST njs-0.3.9.tar.gz 412279 BLAKE2B 9e27e59e56b6d5c9d48717552aa373265c6e513e55049a94f1df25a558ef3253be89b8e7e00a3fdcaa93c66f8da8d1d654d4d279e0b4c05b769775a862dfc0a4 SHA512 a1d734db7325de3055d3034777ebfe03b1205bdb6648da45ac7f68698d32427da741a88872c8f713ec6258e79d9cfdcdb89e4429571ba3e3e723a5777024dcab
diff --git a/www-servers/nginx/nginx-1.17.7.ebuild b/www-servers/nginx/nginx-1.17.7.ebuild
deleted file mode 100644
index 3651f7e3524..00000000000
--- a/www-servers/nginx/nginx-1.17.7.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-03-05 2:58 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-03-05 2:58 UTC (permalink / raw
To: gentoo-commits
commit: e2efb81e2ded3384967b17c4fbb757358398a14e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 5 02:56:55 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 5 02:58:33 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2efb81e
www-servers/nginx: rev bump
- Fix HTTP echo module compatibility with nginx-1.17.x
(reported by mrueg, thanks!)
- Don't create /run in install image
Package-Manager: Portage-2.3.91, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.17.9-r1.ebuild | 1092 ++++++++++++++++++++++++++++++
2 files changed, 1093 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 346a0598427..8d2fe808a03 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -10,6 +10,7 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f60
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
+DIST ngx_http_echo-0.62rc1.tar.gz 53331 BLAKE2B e7fded849e34a64804dbbc62cd7b535683c65f12b571a7382d3e6a0700ce000853c40a9715c238414a000361613eb3fa550b72f15eeda6d8d99346a0e54e8604 SHA512 9f4e1a91058c803c14711a1a66175e373ad0e05353c72963c39cda9bc5396e792ec1a3d18738af9991bee35bfd5d39d4c1777859ac1db0c0f73c6873b535746e
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
diff --git a/www-servers/nginx/nginx-1.17.9-r1.ebuild b/www-servers/nginx/nginx-1.17.9-r1.ebuild
new file mode 100644
index 00000000000..3b17f8898d9
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.9-r1.ebuild
@@ -0,0 +1,1092 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62rc1"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.9"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-03-05 2:58 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-03-05 2:58 UTC (permalink / raw
To: gentoo-commits
commit: 6d2ad7a88743e43c359af83f80a26fe35196e7f6
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 5 02:58:13 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 5 02:58:34 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d2ad7a8
www-servers/nginx: drop old
Package-Manager: Portage-2.3.91, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 -
www-servers/nginx/nginx-1.17.8.ebuild | 1089 ---------------------------------
www-servers/nginx/nginx-1.17.9.ebuild | 1089 ---------------------------------
3 files changed, 2180 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8d2fe808a03..9ce08ba5243 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
-DIST nginx-1.17.8.tar.gz 1038627 BLAKE2B 08993821fe0568099e197e621608dd1d6c525781b7d7b0cd86580a773f9848998f75b645a15aa020b609fd0487184f6e7d32c11d20a9d66dcd07f51e7efcd5b4 SHA512 f29634d48cacfb3a01f7e9c98f1ffb81d2f8dacf074b02c472d37862300d41f0471e5b6bb37cfa692af77b19281c525bb61d4648261a0617b70ff903ed89add6
DIST nginx-1.17.9.tar.gz 1039136 BLAKE2B bc4cb6fa93288f936ee36b86846b9eb864406799bd1cbc14b2e924e30b0490858e573100ea1e6ca506e1353c71176ebaa5e0109e3d5395e9029a41fa899c60ef SHA512 9d6af46bc575763d5d2c279451919a491bdfafb927a8c0783ccc8326a86ed66f9183c900a9844bf31dcde015f36ea6a8e0d3817b77f9b17aebae701c759fe9b6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -26,5 +25,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
-DIST njs-0.3.8.tar.gz 398172 BLAKE2B 2bc76a1267c21bd691dd05ba5416e9d443d9a1d59adca07d6e370bf5b8c9a1420dc4fae2831620b26b6ea2ed16fb00c2058f569c1d60179dce83ff7cf44067c2 SHA512 7a68f5205357c64d5b4e13d72ab03b81ce5675d6f5d5643960c8e1273001828f3c1c9caab7e6b7616168f73d45c1cebb802a75ed31c22f8ca12e377ec5a4d5a5
DIST njs-0.3.9.tar.gz 412279 BLAKE2B 9e27e59e56b6d5c9d48717552aa373265c6e513e55049a94f1df25a558ef3253be89b8e7e00a3fdcaa93c66f8da8d1d654d4d279e0b4c05b769775a862dfc0a4 SHA512 a1d734db7325de3055d3034777ebfe03b1205bdb6648da45ac7f68698d32427da741a88872c8f713ec6258e79d9cfdcdb89e4429571ba3e3e723a5777024dcab
diff --git a/www-servers/nginx/nginx-1.17.8.ebuild b/www-servers/nginx/nginx-1.17.8.ebuild
deleted file mode 100644
index e950633e242..00000000000
--- a/www-servers/nginx/nginx-1.17.8.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.9.ebuild b/www-servers/nginx/nginx-1.17.9.ebuild
deleted file mode 100644
index ab414da3e48..00000000000
--- a/www-servers/nginx/nginx-1.17.9.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.9"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-11 21:11 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-11 21:11 UTC (permalink / raw
To: gentoo-commits
commit: c18654cb868ba566c26bbf3cd01f67802fd8204b
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 11 21:03:29 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 11 21:10:39 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c18654cb
www-servers/nginx: USE=nginx_modules_http_dav_ext needs dev-libs/libxslt
However, USE=nginx_modules_http_dav_ext recommends usage of
USE=nginx_modules_http_xslt that why we just add a REQUIRED_USE.
Closes: https://bugs.gentoo.org/715018
Package-Manager: Portage-2.3.98, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.16.1-r1.ebuild | 2 +-
www-servers/nginx/nginx-1.17.9-r2.ebuild | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.16.1-r1.ebuild b/www-servers/nginx/nginx-1.16.1-r1.ebuild
index f171f8a2e22..b429dd2503c 100644
--- a/www-servers/nginx/nginx-1.16.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.16.1-r1.ebuild
@@ -341,7 +341,7 @@ REQUIRED_USE="pcre-jit? ( pcre )
nginx_modules_http_rewrite
)
nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
nginx_modules_http_security? ( pcre )
nginx_modules_http_push_stream? ( ssl )"
diff --git a/www-servers/nginx/nginx-1.17.9-r2.ebuild b/www-servers/nginx/nginx-1.17.9-r2.ebuild
index 8526c073104..884dedb9314 100644
--- a/www-servers/nginx/nginx-1.17.9-r2.ebuild
+++ b/www-servers/nginx/nginx-1.17.9-r2.ebuild
@@ -341,7 +341,7 @@ REQUIRED_USE="pcre-jit? ( pcre )
nginx_modules_http_rewrite
)
nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
nginx_modules_http_security? ( pcre )
nginx_modules_http_push_stream? ( ssl )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-11 21:11 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-11 21:11 UTC (permalink / raw
To: gentoo-commits
commit: 6550534bb295a29b9ebc4d6645c49a37e2002653
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 11 21:10:21 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 11 21:11:05 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6550534b
www-servers/nginx: add REQUIRED_USE for USE=nginx_modules_http_fancyindex
Header/footer feature of HTTP module "fancyindex" requires HTTP module "addition".
Closes: https://bugs.gentoo.org/715016
Package-Manager: Portage-2.3.98, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.16.1-r1.ebuild | 1 +
www-servers/nginx/nginx-1.17.9-r2.ebuild | 1 +
2 files changed, 2 insertions(+)
diff --git a/www-servers/nginx/nginx-1.16.1-r1.ebuild b/www-servers/nginx/nginx-1.16.1-r1.ebuild
index b429dd2503c..6c2a3c9e53d 100644
--- a/www-servers/nginx/nginx-1.16.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.16.1-r1.ebuild
@@ -335,6 +335,7 @@ DEPEND="${CDEPEND}
PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
nginx_modules_http_grpc? ( http2 )
nginx_modules_http_lua? (
luajit
diff --git a/www-servers/nginx/nginx-1.17.9-r2.ebuild b/www-servers/nginx/nginx-1.17.9-r2.ebuild
index 884dedb9314..6cda406abe2 100644
--- a/www-servers/nginx/nginx-1.17.9-r2.ebuild
+++ b/www-servers/nginx/nginx-1.17.9-r2.ebuild
@@ -335,6 +335,7 @@ DEPEND="${CDEPEND}
PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
nginx_modules_http_grpc? ( http2 )
nginx_modules_http_lua? (
luajit
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-11 21:11 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-11 21:11 UTC (permalink / raw
To: gentoo-commits
commit: 97b7cfa471a0494497094650a346a10b1fccb096
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Mon Mar 30 11:20:24 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 11 21:10:38 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97b7cfa4
www-servers/nginx: drop old
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/15172
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.17.9-r1.ebuild | 1092 ------------------------------
1 file changed, 1092 deletions(-)
diff --git a/www-servers/nginx/nginx-1.17.9-r1.ebuild b/www-servers/nginx/nginx-1.17.9-r1.ebuild
deleted file mode 100644
index 3b17f8898d9..00000000000
--- a/www-servers/nginx/nginx-1.17.9-r1.ebuild
+++ /dev/null
@@ -1,1092 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62rc1"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.9"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-11 21:11 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-11 21:11 UTC (permalink / raw
To: gentoo-commits
commit: 91da385541a31060f2aae5447939d6048ec197ea
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Mon Mar 30 11:19:14 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 11 21:10:38 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91da3855
www-servers/nginx: update geoip2 module
Fix segmentation fault when auto reloading maxmind databases
Closes: https://bugs.gentoo.org/711298
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.17.9-r2.ebuild | 1092 ++++++++++++++++++++++++++++++
2 files changed, 1093 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9ce08ba5243..07321019e1e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -12,6 +12,7 @@ DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e74989
DIST ngx_http_echo-0.62rc1.tar.gz 53331 BLAKE2B e7fded849e34a64804dbbc62cd7b535683c65f12b571a7382d3e6a0700ce000853c40a9715c238414a000361613eb3fa550b72f15eeda6d8d99346a0e54e8604 SHA512 9f4e1a91058c803c14711a1a66175e373ad0e05353c72963c39cda9bc5396e792ec1a3d18738af9991bee35bfd5d39d4c1777859ac1db0c0f73c6873b535746e
DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
+DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
diff --git a/www-servers/nginx/nginx-1.17.9-r2.ebuild b/www-servers/nginx/nginx-1.17.9-r2.ebuild
new file mode 100644
index 00000000000..8526c073104
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.9-r2.ebuild
@@ -0,0 +1,1092 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62rc1"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.9"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-14 19:39 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-14 19:39 UTC (permalink / raw
To: gentoo-commits
commit: aad82e3a3255acc77d6938119560d195445dcac1
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 14 19:36:43 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 14 19:39:29 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aad82e3a
www-servers/nginx: bump to v1.17.10
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.17.10.ebuild | 1093 ++++++++++++++++++++++++++++++++
2 files changed, 1094 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 07321019e1e..70170487527 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
+DIST nginx-1.17.10.tar.gz 1039541 BLAKE2B 5e86be6c6aebfd336579269ecfa09eab9ff5c0185e0bd36f993b5ccac4d13f64ef3d10cad4d0ac00c7fb67e3ecb048b7b0f4c74cf5c5376fdc643b5cecee28ac SHA512 0b49169bc49e07733862e09ec5bfa93601ffa57379f98d52a115e511502905baf4cd33b73a03d74416f8c6ffa95ebf4459fc934bd40bfdf54d5b6d35ac4f8756
DIST nginx-1.17.9.tar.gz 1039136 BLAKE2B bc4cb6fa93288f936ee36b86846b9eb864406799bd1cbc14b2e924e30b0490858e573100ea1e6ca506e1353c71176ebaa5e0109e3d5395e9029a41fa899c60ef SHA512 9d6af46bc575763d5d2c279451919a491bdfafb927a8c0783ccc8326a86ed66f9183c900a9844bf31dcde015f36ea6a8e0d3817b77f9b17aebae701c759fe9b6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.17.10.ebuild b/www-servers/nginx/nginx-1.17.10.ebuild
new file mode 100644
index 00000000000..6cda406abe2
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.10.ebuild
@@ -0,0 +1,1093 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62rc1"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.9"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-29 21:14 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-29 21:14 UTC (permalink / raw
To: gentoo-commits
commit: 21db0af253b03683cb376c2f245a4ac1c79be1d4
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 29 21:00:53 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 29 21:14:17 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21db0af2
www-servers/nginx: drop old
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.17.9-r2.ebuild | 1093 ------------------------------
2 files changed, 1094 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 70170487527..3adbce9a1a6 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.10.tar.gz 1039541 BLAKE2B 5e86be6c6aebfd336579269ecfa09eab9ff5c0185e0bd36f993b5ccac4d13f64ef3d10cad4d0ac00c7fb67e3ecb048b7b0f4c74cf5c5376fdc643b5cecee28ac SHA512 0b49169bc49e07733862e09ec5bfa93601ffa57379f98d52a115e511502905baf4cd33b73a03d74416f8c6ffa95ebf4459fc934bd40bfdf54d5b6d35ac4f8756
-DIST nginx-1.17.9.tar.gz 1039136 BLAKE2B bc4cb6fa93288f936ee36b86846b9eb864406799bd1cbc14b2e924e30b0490858e573100ea1e6ca506e1353c71176ebaa5e0109e3d5395e9029a41fa899c60ef SHA512 9d6af46bc575763d5d2c279451919a491bdfafb927a8c0783ccc8326a86ed66f9183c900a9844bf31dcde015f36ea6a8e0d3817b77f9b17aebae701c759fe9b6
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.17.9-r2.ebuild b/www-servers/nginx/nginx-1.17.9-r2.ebuild
deleted file mode 100644
index 6cda406abe2..00000000000
--- a/www-servers/nginx/nginx-1.17.9-r2.ebuild
+++ /dev/null
@@ -1,1093 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62rc1"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.9"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-29 21:14 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-29 21:14 UTC (permalink / raw
To: gentoo-commits
commit: 0f67bbf77a182e7d709659d6b5753137d602036c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 29 21:07:57 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 29 21:14:18 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f67bbf7
www-servers/nginx: rev bump
- nginScript module bumped to v0.4.0
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.17.10.ebuild => nginx-1.17.10-r1.ebuild} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 3adbce9a1a6..e2ee631ad07 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,4 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
-DIST njs-0.3.9.tar.gz 412279 BLAKE2B 9e27e59e56b6d5c9d48717552aa373265c6e513e55049a94f1df25a558ef3253be89b8e7e00a3fdcaa93c66f8da8d1d654d4d279e0b4c05b769775a862dfc0a4 SHA512 a1d734db7325de3055d3034777ebfe03b1205bdb6648da45ac7f68698d32427da741a88872c8f713ec6258e79d9cfdcdb89e4429571ba3e3e723a5777024dcab
+DIST njs-0.4.0.tar.gz 418439 BLAKE2B e4b9f529a10f90ece864a6b1969507e9573296288ef85f4a71163644415404d4541129326ef9635fe5b8aff3b59ab76c2b3995894c41a53ffb632b6bee8b8e5f SHA512 ea9a063ef83791dd7a7896c584d1b8c635c3ff81792c6e5bad61bdfe8185c6f9ce436ad5e360b267b42bf0d5986553bbdf3c0f1264627f82550aadc361be0a3c
diff --git a/www-servers/nginx/nginx-1.17.10.ebuild b/www-servers/nginx/nginx-1.17.10-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.17.10.ebuild
rename to www-servers/nginx/nginx-1.17.10-r1.ebuild
index 6cda406abe2..32a846e8e56 100644
--- a/www-servers/nginx/nginx-1.17.10.ebuild
+++ b/www-servers/nginx/nginx-1.17.10-r1.ebuild
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.9"
+NJS_MODULE_PV="0.4.0"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-04-29 21:14 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-04-29 21:14 UTC (permalink / raw
To: gentoo-commits
commit: d9542434930afa78d4b51894bcf71e381d436179
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 29 21:11:04 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 29 21:14:19 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9542434
www-servers/nginx: bump to v1.18.0 stable
Closes: https://bugs.gentoo.org/719584
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.18.0.ebuild | 1093 +++++++++++++++++++++++++++++++++
2 files changed, 1094 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e2ee631ad07..1de09291cb4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
DIST nginx-1.17.10.tar.gz 1039541 BLAKE2B 5e86be6c6aebfd336579269ecfa09eab9ff5c0185e0bd36f993b5ccac4d13f64ef3d10cad4d0ac00c7fb67e3ecb048b7b0f4c74cf5c5376fdc643b5cecee28ac SHA512 0b49169bc49e07733862e09ec5bfa93601ffa57379f98d52a115e511502905baf4cd33b73a03d74416f8c6ffa95ebf4459fc934bd40bfdf54d5b6d35ac4f8756
+DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
diff --git a/www-servers/nginx/nginx-1.18.0.ebuild b/www-servers/nginx/nginx-1.18.0.ebuild
new file mode 100644
index 00000000000..58f5c9d92b2
--- /dev/null
+++ b/www-servers/nginx/nginx-1.18.0.ebuild
@@ -0,0 +1,1093 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62rc1"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.4.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-05-26 18:41 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-05-26 18:41 UTC (permalink / raw
To: gentoo-commits
commit: 594f6913c9d77a9025c1ba947f456261726efcf9
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 26 18:09:41 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 26 18:40:53 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=594f6913
www-servers/nginx: drop old
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 8 +-
www-servers/nginx/nginx-1.16.1-r1.ebuild | 1090 ----------------------------
www-servers/nginx/nginx-1.17.10-r1.ebuild | 1093 -----------------------------
3 files changed, 1 insertion(+), 2190 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e3ee2189b10..523b0974076 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,4 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
-DIST nginx-1.17.10.tar.gz 1039541 BLAKE2B 5e86be6c6aebfd336579269ecfa09eab9ff5c0185e0bd36f993b5ccac4d13f64ef3d10cad4d0ac00c7fb67e3ecb048b7b0f4c74cf5c5376fdc643b5cecee28ac SHA512 0b49169bc49e07733862e09ec5bfa93601ffa57379f98d52a115e511502905baf4cd33b73a03d74416f8c6ffa95ebf4459fc934bd40bfdf54d5b6d35ac4f8756
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -9,10 +7,8 @@ DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b54
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
-DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
DIST ngx_http_echo-0.62rc1.tar.gz 53331 BLAKE2B e7fded849e34a64804dbbc62cd7b535683c65f12b571a7382d3e6a0700ce000853c40a9715c238414a000361613eb3fa550b72f15eeda6d8d99346a0e54e8604 SHA512 9f4e1a91058c803c14711a1a66175e373ad0e05353c72963c39cda9bc5396e792ec1a3d18738af9991bee35bfd5d39d4c1777859ac1db0c0f73c6873b535746e
-DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
-DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
+DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
@@ -26,6 +22,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
-DIST njs-0.4.0.tar.gz 418439 BLAKE2B e4b9f529a10f90ece864a6b1969507e9573296288ef85f4a71163644415404d4541129326ef9635fe5b8aff3b59ab76c2b3995894c41a53ffb632b6bee8b8e5f SHA512 ea9a063ef83791dd7a7896c584d1b8c635c3ff81792c6e5bad61bdfe8185c6f9ce436ad5e360b267b42bf0d5986553bbdf3c0f1264627f82550aadc361be0a3c
DIST njs-0.4.1.tar.gz 422917 BLAKE2B 8a6b9c06b74256289636e06437a8160a0e91767959cd2c4dde4f6769437b2654cd2aa6e65902251bd135429c87ef497f7137ffe0afee72c2723d147db8615810 SHA512 58ae280be37ac0402886281837b82a7038ea62d3bde5a0857d8008806937b2d11fe4984986b1e40bd9528ee8d2f5aac271346dc387f30930161cc2b41aa08998
diff --git a/www-servers/nginx/nginx-1.16.1-r1.ebuild b/www-servers/nginx/nginx-1.16.1-r1.ebuild
deleted file mode 100644
index 6c2a3c9e53d..00000000000
--- a/www-servers/nginx/nginx-1.16.1-r1.ebuild
+++ /dev/null
@@ -1,1090 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${D}"usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.17.10-r1.ebuild b/www-servers/nginx/nginx-1.17.10-r1.ebuild
deleted file mode 100644
index 4f0830ed4f2..00000000000
--- a/www-servers/nginx/nginx-1.17.10-r1.ebuild
+++ /dev/null
@@ -1,1093 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62rc1"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-05-26 18:41 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-05-26 18:41 UTC (permalink / raw
To: gentoo-commits
commit: f1ffc5d24decfdbecfd4033e3d2a2201dd9318be
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 26 18:07:24 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 26 18:40:51 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1ffc5d2
www-servers/nginx: rev bump
- fancyindex module bumped to v0.4.3
- nginScript module bumped to v0.4.1
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/{nginx-1.18.0.ebuild => nginx-1.18.0-r1.ebuild} | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1de09291cb4..e3ee2189b10 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -28,3 +28,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.3.5.tar.gz 339177 BLAKE2B 6327be0b7c8077870408722376782bca579a6cfdf1fe2a4950fc0d289311ad21f671bc2b47d06f70d95d4f68d99e8c70fd4598dcc167b79c57704d99a098d284 SHA512 236e0284f251856f74eb51d8251bb5be725d2ca90056f2feef7677eb636a4e97e203f3bba81fb6b677158d615dc2d6ffcb0dc1059fb678ab12b7d14cc4ea7241
DIST njs-0.4.0.tar.gz 418439 BLAKE2B e4b9f529a10f90ece864a6b1969507e9573296288ef85f4a71163644415404d4541129326ef9635fe5b8aff3b59ab76c2b3995894c41a53ffb632b6bee8b8e5f SHA512 ea9a063ef83791dd7a7896c584d1b8c635c3ff81792c6e5bad61bdfe8185c6f9ce436ad5e360b267b42bf0d5986553bbdf3c0f1264627f82550aadc361be0a3c
+DIST njs-0.4.1.tar.gz 422917 BLAKE2B 8a6b9c06b74256289636e06437a8160a0e91767959cd2c4dde4f6769437b2654cd2aa6e65902251bd135429c87ef497f7137ffe0afee72c2723d147db8615810 SHA512 58ae280be37ac0402886281837b82a7038ea62d3bde5a0857d8008806937b2d11fe4984986b1e40bd9528ee8d2f5aac271346dc387f30930161cc2b41aa08998
diff --git a/www-servers/nginx/nginx-1.18.0.ebuild b/www-servers/nginx/nginx-1.18.0-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.18.0.ebuild
rename to www-servers/nginx/nginx-1.18.0-r1.ebuild
index 58f5c9d92b2..cc1a711b92c 100644
--- a/www-servers/nginx/nginx-1.18.0.ebuild
+++ b/www-servers/nginx/nginx-1.18.0-r1.ebuild
@@ -53,7 +53,7 @@ HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${H
HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.0"
+NJS_MODULE_PV="0.4.1"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-06-02 20:53 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-06-02 20:53 UTC (permalink / raw
To: gentoo-commits
commit: 4946862591fca24d3bcde8817205809b2a0e9658
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 2 20:52:46 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 2 20:52:46 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49468625
www-servers/nginx: downgrade HTTP LUA module
Bug: https://bugs.gentoo.org/726728
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/{nginx-1.19.0.ebuild => nginx-1.19.0-r1.ebuild} | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2365b9621d9..6812c9900f4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -14,7 +14,6 @@ DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75
DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
-DIST ngx_http_lua-0.10.16rc5.tar.gz 646734 BLAKE2B a122bd16999fa45303dc9a860a992c22c31ad64f56df5ab9f90274b91a1c073cbb29e29a1befc347a11f1024926b51ee5f1cac154beff63359beeaafbc5b0fe3 SHA512 da98161be84a4f829cb105ee46e5c1e3c91d2d3b473b0bee26fb1c4dec00137c814f37996b83e52d898ec1ff43e3bd5178b1621cb6e3ec6bc1629896ac6e7110
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
diff --git a/www-servers/nginx/nginx-1.19.0.ebuild b/www-servers/nginx/nginx-1.19.0-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.19.0.ebuild
rename to www-servers/nginx/nginx-1.19.0-r1.ebuild
index ab215dc844a..fafd960ce17 100644
--- a/www-servers/nginx/nginx-1.19.0.ebuild
+++ b/www-servers/nginx/nginx-1.19.0-r1.ebuild
@@ -59,7 +59,7 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.16rc5"
+HTTP_LUA_MODULE_PV="0.10.15"
HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-07-07 17:08 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-07-07 17:08 UTC (permalink / raw
To: gentoo-commits
commit: be0762b91b891319cfcfe50369554e1bd8335edd
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 7 17:07:35 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 7 17:08:14 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be0762b9
www-servers/nginx: bump to v1.19.1 mainline
- nginScript module bumped to v0.4.2
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.19.1.ebuild | 1093 +++++++++++++++++++++++++++++++++
2 files changed, 1095 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6812c9900f4..2f76d10ef21 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-1.19.0.tar.gz 1043748 BLAKE2B 46647676c2e5dd0b06a1079329d211f7449312873f40d762b1c81841863f61dbc11f836956c006e0283dc79ab9b6bb4b9430136e4c66ff194402413fdc0bdf83 SHA512 3240d5dc59877f9d6a95c8779240675cec9290df079b9d52c06147e58900f2e060e768729669ffaf9a2a90bb9abbe8ab7fba24ff65d45fec9eeb3b6733b65f30
+DIST nginx-1.19.1.tar.gz 1047223 BLAKE2B a5e7345cfb2b40801be923045374d3e81ff14063bbc09bf7a64d4d9be1841d6a1689ab63d54cba823fd54b6a9e7ff110297755e6adb99c832d6e9fb668b6a03d SHA512 e5448e3fd84c53e96db27329e41baa48c21be4169436eda3704012d0e5de15d938f6aa64dc07cb50002c2173b00fb88db4b1a9061d5f47fa7011ffd524a8ba23
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-25f86f0bac1101b6512135eac5f93c49c63609e3.tar.gz 16201 BLAKE2B 2da3ce8a9f29b713da4de4cd60fe22256742ff61e1718346e5246ffa0169d5a2e1babb625b16ac52e3b79431f749adb3ee0170957024953c139aaebc7a496478 SHA512 c6eb026f204e1e6f930ab7ca68cca78054318e05a0dc11d897d3516380dbc4e42e93d40334e3088bf348d4b7b182e87c77473974719e5850a4f97666f9babbd6
@@ -25,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.4.1.tar.gz 422917 BLAKE2B 8a6b9c06b74256289636e06437a8160a0e91767959cd2c4dde4f6769437b2654cd2aa6e65902251bd135429c87ef497f7137ffe0afee72c2723d147db8615810 SHA512 58ae280be37ac0402886281837b82a7038ea62d3bde5a0857d8008806937b2d11fe4984986b1e40bd9528ee8d2f5aac271346dc387f30930161cc2b41aa08998
+DIST njs-0.4.2.tar.gz 446191 BLAKE2B 0a9c1d2379fce0d7e08592165d0b43cf0dc32c5ce7d7788d018a620946e45c70dfe2c08688b6579a0c9167c99ce3c3478b7889492f38086eaf14515ed1e85aaf SHA512 37998d830967fd4839a0982c7e6c7be5f8bc434ab4a820ead8ea081afa97dec99107abe6608c7a60c7f506d819afe642bc444d4e3df342aee08a41bc7ccb5e9b
diff --git a/www-servers/nginx/nginx-1.19.1.ebuild b/www-servers/nginx/nginx-1.19.1.ebuild
new file mode 100644
index 00000000000..40f819c0570
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.1.ebuild
@@ -0,0 +1,1093 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62rc1"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.4.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-08-11 15:51 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-08-11 15:51 UTC (permalink / raw
To: gentoo-commits
commit: 88cc97bc466cf4a02e5094a837353ae2752b6953
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 15:46:47 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 15:51:47 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88cc97bc
www-servers/nginx: bump to v1.19.2 mainline
- nginScript module bumped to v0.4.3
- HTTP Auth PAM module bumped to v1.5.2
- HTTP LUA module bumped to v0.10.17
- HTTP echo module bumped to v0.62
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 5 +
www-servers/nginx/nginx-1.19.2.ebuild | 1093 +++++++++++++++++++++++++++++++++
2 files changed, 1098 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2f76d10ef21..2e6a2023d63 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,19 +2,23 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-1.19.0.tar.gz 1043748 BLAKE2B 46647676c2e5dd0b06a1079329d211f7449312873f40d762b1c81841863f61dbc11f836956c006e0283dc79ab9b6bb4b9430136e4c66ff194402413fdc0bdf83 SHA512 3240d5dc59877f9d6a95c8779240675cec9290df079b9d52c06147e58900f2e060e768729669ffaf9a2a90bb9abbe8ab7fba24ff65d45fec9eeb3b6733b65f30
DIST nginx-1.19.1.tar.gz 1047223 BLAKE2B a5e7345cfb2b40801be923045374d3e81ff14063bbc09bf7a64d4d9be1841d6a1689ab63d54cba823fd54b6a9e7ff110297755e6adb99c832d6e9fb668b6a03d SHA512 e5448e3fd84c53e96db27329e41baa48c21be4169436eda3704012d0e5de15d938f6aa64dc07cb50002c2173b00fb88db4b1a9061d5f47fa7011ffd524a8ba23
+DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-25f86f0bac1101b6512135eac5f93c49c63609e3.tar.gz 16201 BLAKE2B 2da3ce8a9f29b713da4de4cd60fe22256742ff61e1718346e5246ffa0169d5a2e1babb625b16ac52e3b79431f749adb3ee0170957024953c139aaebc7a496478 SHA512 c6eb026f204e1e6f930ab7ca68cca78054318e05a0dc11d897d3516380dbc4e42e93d40334e3088bf348d4b7b182e87c77473974719e5850a4f97666f9babbd6
DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
+DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132ac21fcd1720a2843ce598450198e2b7fe902e9ded15a78b66e8a897e811faa872e4e391bf211c795e320c1ccd57607c319 SHA512 b82e401533c44298c41bc9a1caaf3f7850e42da151c06a77a927f817810ebf5ce01c49ca81de42c326345765c784bb55e28fbf0f6a5500626f51e58a216b53c4
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
+DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
DIST ngx_http_echo-0.62rc1.tar.gz 53331 BLAKE2B e7fded849e34a64804dbbc62cd7b535683c65f12b571a7382d3e6a0700ce000853c40a9715c238414a000361613eb3fa550b72f15eeda6d8d99346a0e54e8604 SHA512 9f4e1a91058c803c14711a1a66175e373ad0e05353c72963c39cda9bc5396e792ec1a3d18738af9991bee35bfd5d39d4c1777859ac1db0c0f73c6873b535746e
DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
+DIST ngx_http_lua-0.10.17.tar.gz 652431 BLAKE2B 324236959f6d09645d0ef0565b8b089f71263e08b78407c72031bbf772be6357a6fe4fb7f433e5e0e8b9fc003bc13574dc404a7218a8d0a8b711eaed2b479baa SHA512 0d14cb92572b215238dd83d60bb4789b77f0bf6b9452fc8b8473bcc652342280ed32d783eb619665fd7f22f6cf6efea9b95f6f6d6a4613553a02b74b95f88d8a
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
@@ -27,3 +31,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.4.1.tar.gz 422917 BLAKE2B 8a6b9c06b74256289636e06437a8160a0e91767959cd2c4dde4f6769437b2654cd2aa6e65902251bd135429c87ef497f7137ffe0afee72c2723d147db8615810 SHA512 58ae280be37ac0402886281837b82a7038ea62d3bde5a0857d8008806937b2d11fe4984986b1e40bd9528ee8d2f5aac271346dc387f30930161cc2b41aa08998
DIST njs-0.4.2.tar.gz 446191 BLAKE2B 0a9c1d2379fce0d7e08592165d0b43cf0dc32c5ce7d7788d018a620946e45c70dfe2c08688b6579a0c9167c99ce3c3478b7889492f38086eaf14515ed1e85aaf SHA512 37998d830967fd4839a0982c7e6c7be5f8bc434ab4a820ead8ea081afa97dec99107abe6608c7a60c7f506d819afe642bc444d4e3df342aee08a41bc7ccb5e9b
+DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
diff --git a/www-servers/nginx/nginx-1.19.2.ebuild b/www-servers/nginx/nginx-1.19.2.ebuild
new file mode 100644
index 00000000000..45ca3321efa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.2.ebuild
@@ -0,0 +1,1093 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.17"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.4.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_pam; then
+ cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-08-13 23:46 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-08-13 23:46 UTC (permalink / raw
To: gentoo-commits
commit: 289ede407ce708fb5bc55bb1ede1eee40923407d
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 13 23:46:11 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Aug 13 23:46:26 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=289ede40
www-servers/nginx: downgrade HTTP LUA module, again
Bug: https://bugs.gentoo.org/726728
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/{nginx-1.19.2.ebuild => nginx-1.19.2-r1.ebuild} | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 562fc215975..527173da1ff 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -17,7 +17,6 @@ DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75
DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
-DIST ngx_http_lua-0.10.17.tar.gz 652431 BLAKE2B 324236959f6d09645d0ef0565b8b089f71263e08b78407c72031bbf772be6357a6fe4fb7f433e5e0e8b9fc003bc13574dc404a7218a8d0a8b711eaed2b479baa SHA512 0d14cb92572b215238dd83d60bb4789b77f0bf6b9452fc8b8473bcc652342280ed32d783eb619665fd7f22f6cf6efea9b95f6f6d6a4613553a02b74b95f88d8a
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
diff --git a/www-servers/nginx/nginx-1.19.2.ebuild b/www-servers/nginx/nginx-1.19.2-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.19.2.ebuild
rename to www-servers/nginx/nginx-1.19.2-r1.ebuild
index 45ca3321efa..541a05f9b06 100644
--- a/www-servers/nginx/nginx-1.19.2.ebuild
+++ b/www-servers/nginx/nginx-1.19.2-r1.ebuild
@@ -59,7 +59,7 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.17"
+HTTP_LUA_MODULE_PV="0.10.15"
HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-08-13 23:46 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-08-13 23:46 UTC (permalink / raw
To: gentoo-commits
commit: 4bcd19f78633810062517f8a8ef43799e99011e3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 13 23:36:14 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Aug 13 23:46:25 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bcd19f7
www-servers/nginx: rev bump
- nginScript module bumped to v0.4.3
- HTTP Auth PAM module bumped to v1.5.2
- HTTP echo module bumped to v0.62
- brotli module switched to new upstream
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
.../nginx/{nginx-1.18.0-r1.ebuild => nginx-1.18.0-r2.ebuild} | 12 ++++++------
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2e6a2023d63..562fc215975 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,7 +6,6 @@ DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-25f86f0bac1101b6512135eac5f93c49c63609e3.tar.gz 16201 BLAKE2B 2da3ce8a9f29b713da4de4cd60fe22256742ff61e1718346e5246ffa0169d5a2e1babb625b16ac52e3b79431f749adb3ee0170957024953c139aaebc7a496478 SHA512 c6eb026f204e1e6f930ab7ca68cca78054318e05a0dc11d897d3516380dbc4e42e93d40334e3088bf348d4b7b182e87c77473974719e5850a4f97666f9babbd6
-DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132ac21fcd1720a2843ce598450198e2b7fe902e9ded15a78b66e8a897e811faa872e4e391bf211c795e320c1ccd57607c319 SHA512 b82e401533c44298c41bc9a1caaf3f7850e42da151c06a77a927f817810ebf5ce01c49ca81de42c326345765c784bb55e28fbf0f6a5500626f51e58a216b53c4
diff --git a/www-servers/nginx/nginx-1.18.0-r1.ebuild b/www-servers/nginx/nginx-1.18.0-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.18.0-r1.ebuild
rename to www-servers/nginx/nginx-1.18.0-r2.ebuild
index cc1a711b92c..e69e9dc9c5d 100644
--- a/www-servers/nginx/nginx-1.18.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.18.0-r2.ebuild
@@ -23,9 +23,9 @@ DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KI
DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
@@ -65,7 +65,7 @@ HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HT
HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
@@ -107,7 +107,7 @@ HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v$
HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62rc1"
+HTTP_ECHO_MODULE_PV="0.62"
HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.1"
+NJS_MODULE_PV="0.4.3"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -393,7 +393,7 @@ src_prepare() {
if use nginx_modules_http_brotli; then
cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
cd "${S}" || die
fi
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-08-13 23:47 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-08-13 23:47 UTC (permalink / raw
To: gentoo-commits
commit: 85cfe6e2c0edb47f019c79258538e76609bf7749
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 13 23:47:12 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Aug 13 23:47:12 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85cfe6e2
www-servers/nginx: security cleanup
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 6 -
www-servers/nginx/nginx-1.19.0-r1.ebuild | 1093 ------------------------------
www-servers/nginx/nginx-1.19.1.ebuild | 1093 ------------------------------
3 files changed, 2192 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 527173da1ff..524ec84efd6 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,18 +1,14 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
-DIST nginx-1.19.0.tar.gz 1043748 BLAKE2B 46647676c2e5dd0b06a1079329d211f7449312873f40d762b1c81841863f61dbc11f836956c006e0283dc79ab9b6bb4b9430136e4c66ff194402413fdc0bdf83 SHA512 3240d5dc59877f9d6a95c8779240675cec9290df079b9d52c06147e58900f2e060e768729669ffaf9a2a90bb9abbe8ab7fba24ff65d45fec9eeb3b6733b65f30
-DIST nginx-1.19.1.tar.gz 1047223 BLAKE2B a5e7345cfb2b40801be923045374d3e81ff14063bbc09bf7a64d4d9be1841d6a1689ab63d54cba823fd54b6a9e7ff110297755e6adb99c832d6e9fb668b6a03d SHA512 e5448e3fd84c53e96db27329e41baa48c21be4169436eda3704012d0e5de15d938f6aa64dc07cb50002c2173b00fb88db4b1a9061d5f47fa7011ffd524a8ba23
DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-25f86f0bac1101b6512135eac5f93c49c63609e3.tar.gz 16201 BLAKE2B 2da3ce8a9f29b713da4de4cd60fe22256742ff61e1718346e5246ffa0169d5a2e1babb625b16ac52e3b79431f749adb3ee0170957024953c139aaebc7a496478 SHA512 c6eb026f204e1e6f930ab7ca68cca78054318e05a0dc11d897d3516380dbc4e42e93d40334e3088bf348d4b7b182e87c77473974719e5850a4f97666f9babbd6
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
-DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132ac21fcd1720a2843ce598450198e2b7fe902e9ded15a78b66e8a897e811faa872e4e391bf211c795e320c1ccd57607c319 SHA512 b82e401533c44298c41bc9a1caaf3f7850e42da151c06a77a927f817810ebf5ce01c49ca81de42c326345765c784bb55e28fbf0f6a5500626f51e58a216b53c4
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
-DIST ngx_http_echo-0.62rc1.tar.gz 53331 BLAKE2B e7fded849e34a64804dbbc62cd7b535683c65f12b571a7382d3e6a0700ce000853c40a9715c238414a000361613eb3fa550b72f15eeda6d8d99346a0e54e8604 SHA512 9f4e1a91058c803c14711a1a66175e373ad0e05353c72963c39cda9bc5396e792ec1a3d18738af9991bee35bfd5d39d4c1777859ac1db0c0f73c6873b535746e
DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
@@ -27,6 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.4.1.tar.gz 422917 BLAKE2B 8a6b9c06b74256289636e06437a8160a0e91767959cd2c4dde4f6769437b2654cd2aa6e65902251bd135429c87ef497f7137ffe0afee72c2723d147db8615810 SHA512 58ae280be37ac0402886281837b82a7038ea62d3bde5a0857d8008806937b2d11fe4984986b1e40bd9528ee8d2f5aac271346dc387f30930161cc2b41aa08998
-DIST njs-0.4.2.tar.gz 446191 BLAKE2B 0a9c1d2379fce0d7e08592165d0b43cf0dc32c5ce7d7788d018a620946e45c70dfe2c08688b6579a0c9167c99ce3c3478b7889492f38086eaf14515ed1e85aaf SHA512 37998d830967fd4839a0982c7e6c7be5f8bc434ab4a820ead8ea081afa97dec99107abe6608c7a60c7f506d819afe642bc444d4e3df342aee08a41bc7ccb5e9b
DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
diff --git a/www-servers/nginx/nginx-1.19.0-r1.ebuild b/www-servers/nginx/nginx-1.19.0-r1.ebuild
deleted file mode 100644
index fafd960ce17..00000000000
--- a/www-servers/nginx/nginx-1.19.0-r1.ebuild
+++ /dev/null
@@ -1,1093 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62rc1"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.1.ebuild b/www-servers/nginx/nginx-1.19.1.ebuild
deleted file mode 100644
index 40f819c0570..00000000000
--- a/www-servers/nginx/nginx-1.19.1.ebuild
+++ /dev/null
@@ -1,1093 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62rc1"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_pam; then
- cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-09-30 18:05 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-09-30 18:05 UTC (permalink / raw
To: gentoo-commits
commit: b040ec2d918e24c64ca5bf4dc2ec8dfc704e7604
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 30 16:41:12 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep 30 18:03:50 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b040ec2d
www-servers/nginx: bump to v1.19.3 mainline
- nginScript module bumped to v0.4.4
- brotli module bumped to v1.0.0rc
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 3 +
www-servers/nginx/nginx-1.19.3.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1090 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 524ec84efd6..884ea4791ac 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,8 +1,10 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
+DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07ba20a0f8b665c29c02b53568bbb0b79a7e583f3a7e7b23ff51cb01b1694eee9a178f7f26ce70f96312655a2b59 SHA512 337fbbb562d1577a2a219bd132c82098a06a49f1ce40ced905fdf255238c4f70dd1f889ec8ae971a4fe5e753f98a356cadc9c766bc089f817d711b12143efcc8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
+DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
DIST ngx_brotli-25f86f0bac1101b6512135eac5f93c49c63609e3.tar.gz 16201 BLAKE2B 2da3ce8a9f29b713da4de4cd60fe22256742ff61e1718346e5246ffa0169d5a2e1babb625b16ac52e3b79431f749adb3ee0170957024953c139aaebc7a496478 SHA512 c6eb026f204e1e6f930ab7ca68cca78054318e05a0dc11d897d3516380dbc4e42e93d40334e3088bf348d4b7b182e87c77473974719e5850a4f97666f9babbd6
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132ac21fcd1720a2843ce598450198e2b7fe902e9ded15a78b66e8a897e811faa872e4e391bf211c795e320c1ccd57607c319 SHA512 b82e401533c44298c41bc9a1caaf3f7850e42da151c06a77a927f817810ebf5ce01c49ca81de42c326345765c784bb55e28fbf0f6a5500626f51e58a216b53c4
@@ -24,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
+DIST njs-0.4.4.tar.gz 486870 BLAKE2B 9390bfe35249ea34b9edd4b7c2360a25c9ecb232e10f35a2324fd8586f5f74e2083d5bd7481c084065d0651ba4fed56958bc2cd1f002d12622238ebc81b9f7c5 SHA512 1bf88d23f99532bb32e96de79e49cc27b60d6231207eb06ea2f6a6884d725f7bbe7b426664aa4c872f7c40549f81489c04c2ae4a7ddd2d03c8cf1d66b9c62c78
diff --git a/www-servers/nginx/nginx-1.19.3.ebuild b/www-servers/nginx/nginx-1.19.3.ebuild
new file mode 100644
index 00000000000..2f271e65ba7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.3.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.4.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-10-29 16:49 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-10-29 16:49 UTC (permalink / raw
To: gentoo-commits
commit: a320c4561f316a2abd83120942038c1011661378
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 29 16:48:42 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Oct 29 16:48:42 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a320c456
www-servers/nginx: bump to v1.19.4
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.19.4.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 884ea4791ac..8b3b88271c3 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07ba20a0f8b665c29c02b53568bbb0b79a7e583f3a7e7b23ff51cb01b1694eee9a178f7f26ce70f96312655a2b59 SHA512 337fbbb562d1577a2a219bd132c82098a06a49f1ce40ced905fdf255238c4f70dd1f889ec8ae971a4fe5e753f98a356cadc9c766bc089f817d711b12143efcc8
+DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be666705e6c5e0034fcf5e43bb0832f036d5230c5b0e8cd4fdbbf80466a9539ed42a84fc7bc9b4a43cb3a5aa60c SHA512 081fdf691d4c4d59391a668f36b4d8b030087c70d4d5e0bc568d41bd7f473b9c1ebbc09ec52d4e7cc68aa9545737e3dac6e653b00dfb1366a063f6463cc30f3f
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.19.4.ebuild b/www-servers/nginx/nginx-1.19.4.ebuild
new file mode 100644
index 00000000000..2f271e65ba7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.4.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.4.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-11-24 19:38 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-11-24 19:38 UTC (permalink / raw
To: gentoo-commits
commit: 501520a3ae302a36a3674b5fd004eba7f9e081a7
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 24 19:37:35 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 24 19:37:35 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=501520a3
www-servers/nginx: bump to v1.19.5
Package-Manager: Portage-3.0.10, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.19.5.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8b3b88271c3..4c1b0c0c07d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c4
DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07ba20a0f8b665c29c02b53568bbb0b79a7e583f3a7e7b23ff51cb01b1694eee9a178f7f26ce70f96312655a2b59 SHA512 337fbbb562d1577a2a219bd132c82098a06a49f1ce40ced905fdf255238c4f70dd1f889ec8ae971a4fe5e753f98a356cadc9c766bc089f817d711b12143efcc8
DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be666705e6c5e0034fcf5e43bb0832f036d5230c5b0e8cd4fdbbf80466a9539ed42a84fc7bc9b4a43cb3a5aa60c SHA512 081fdf691d4c4d59391a668f36b4d8b030087c70d4d5e0bc568d41bd7f473b9c1ebbc09ec52d4e7cc68aa9545737e3dac6e653b00dfb1366a063f6463cc30f3f
+DIST nginx-1.19.5.tar.gz 1055590 BLAKE2B dc838848829553205886f1d538009ecccfd4b0d45bae3268e40eaad6ff1cfd4c4b8f4f93bfcd241e1e17d81c3276298dc047e08f1edabe0a8c941752689c1bb9 SHA512 169bdbbea82127b83c51e818df3dc9056070f0cc56d10257aa7fa7bd6aedc7b70fdfe236ac06bd6442ff4990b36132b054d2654de51a9fe86a19e7cb63edf05c
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.19.5.ebuild b/www-servers/nginx/nginx-1.19.5.ebuild
new file mode 100644
index 00000000000..2f271e65ba7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.5.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.4.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-12-02 23:15 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-12-02 23:15 UTC (permalink / raw
To: gentoo-commits
commit: 99f941df0c1b990f0b33b498dd4c3aa90a308bc1
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 2 23:14:31 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Dec 2 23:15:48 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99f941df
www-servers/nginx: rev bump
- nginScript module bumped to v0.5.0
Package-Manager: Portage-3.0.10, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.19.5-r1.ebuild | 1087 ++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 4c1b0c0c07d..7c42cd889b6 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
DIST njs-0.4.4.tar.gz 486870 BLAKE2B 9390bfe35249ea34b9edd4b7c2360a25c9ecb232e10f35a2324fd8586f5f74e2083d5bd7481c084065d0651ba4fed56958bc2cd1f002d12622238ebc81b9f7c5 SHA512 1bf88d23f99532bb32e96de79e49cc27b60d6231207eb06ea2f6a6884d725f7bbe7b426664aa4c872f7c40549f81489c04c2ae4a7ddd2d03c8cf1d66b9c62c78
+DIST njs-0.5.0.tar.gz 505568 BLAKE2B 5dc2a91bffa4eb2364d96e26def0959b111cc8bf88841f581e3c0d43fcb88ba1ea24b24339cb1f51b8290c08dd930dc18a274a7ab6a21ee4ba8b0e6c4f5a1ba0 SHA512 182a64ba519b1a1d29ac71ffe2c9ef8e5a6f9aaf3db9f327ac926114db73b339a424801b558068fc7ae06ae88a4dea0a601c749db4b6f2b579e427181e41d11b
diff --git a/www-servers/nginx/nginx-1.19.5-r1.ebuild b/www-servers/nginx/nginx-1.19.5-r1.ebuild
new file mode 100644
index 00000000000..46d444142cc
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.5-r1.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2020-12-15 21:43 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2020-12-15 21:43 UTC (permalink / raw
To: gentoo-commits
commit: 7a267e68deb436a26b8b90c891840010e9e6b350
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 15 21:02:49 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 15 21:43:33 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a267e68
www-servers/nginx: bump to v1.19.6
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.19.6.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 7c42cd889b6..6d2d5db024d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2
DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07ba20a0f8b665c29c02b53568bbb0b79a7e583f3a7e7b23ff51cb01b1694eee9a178f7f26ce70f96312655a2b59 SHA512 337fbbb562d1577a2a219bd132c82098a06a49f1ce40ced905fdf255238c4f70dd1f889ec8ae971a4fe5e753f98a356cadc9c766bc089f817d711b12143efcc8
DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be666705e6c5e0034fcf5e43bb0832f036d5230c5b0e8cd4fdbbf80466a9539ed42a84fc7bc9b4a43cb3a5aa60c SHA512 081fdf691d4c4d59391a668f36b4d8b030087c70d4d5e0bc568d41bd7f473b9c1ebbc09ec52d4e7cc68aa9545737e3dac6e653b00dfb1366a063f6463cc30f3f
DIST nginx-1.19.5.tar.gz 1055590 BLAKE2B dc838848829553205886f1d538009ecccfd4b0d45bae3268e40eaad6ff1cfd4c4b8f4f93bfcd241e1e17d81c3276298dc047e08f1edabe0a8c941752689c1bb9 SHA512 169bdbbea82127b83c51e818df3dc9056070f0cc56d10257aa7fa7bd6aedc7b70fdfe236ac06bd6442ff4990b36132b054d2654de51a9fe86a19e7cb63edf05c
+DIST nginx-1.19.6.tar.gz 1055982 BLAKE2B 6d818122b3bdf46b6c9ecb83a00d470b3db0f26f05140340c033d1d0851d679d077ce1853f8d0a1c0140bfdac2764e5702913e87149dccefda2c6f7bf8ac8845 SHA512 1249c56b124a8de71f5d722e53d599f3b0cb14dc0f95b1eb905a6a8019b2d33f8e76874de2a88d49c4c82ee4fa7aabd42e5044a0a110892c23b50f71cb632148
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.19.6.ebuild b/www-servers/nginx/nginx-1.19.6.ebuild
new file mode 100644
index 00000000000..46d444142cc
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.6.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( dev-lang/luajit:2= )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ luajit
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use luajit ; then
+ sed -i \
+ -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+ export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D%/}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED%/}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED%/}"/run || die
+
+ if use luajit; then
+ pax-mark m "${ED%/}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-02-03 21:44 Ben Kohler
0 siblings, 0 replies; 277+ messages in thread
From: Ben Kohler @ 2021-02-03 21:44 UTC (permalink / raw
To: gentoo-commits
commit: 0da27079d45553ba19ea624f88b1541af52a07b4
Author: Ben Kohler <bkohler <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 3 21:44:23 2021 +0000
Commit: Ben Kohler <bkohler <AT> gentoo <DOT> org>
CommitDate: Wed Feb 3 21:44:46 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0da27079
www-servers/nginx: fix versionator usage on new EAPI=7 ebuild
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Ben Kohler <bkohler <AT> gentoo.org>
www-servers/nginx/nginx-1.19.6-r100.ebuild | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/www-servers/nginx/nginx-1.19.6-r100.ebuild b/www-servers/nginx/nginx-1.19.6-r100.ebuild
index 0d7ed9f60c5..60f48de8f52 100644
--- a/www-servers/nginx/nginx-1.19.6-r100.ebuild
+++ b/www-servers/nginx/nginx-1.19.6-r100.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -900,7 +900,7 @@ pkg_postinst() {
# do not need to distinguish between stable and mainline
local _need_to_fix_CVE2013_0337=1
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
# We are updating an installation which should already be fixed
_need_to_fix_CVE2013_0337=0
debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
@@ -911,7 +911,7 @@ pkg_postinst() {
# Do we need to inform about HTTPoxy mitigation?
# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
# Updating from <1.10
_has_to_show_httpoxy_mitigation_notice=1
debug-print "Need to inform about HTTPoxy mitigation!"
@@ -934,7 +934,7 @@ pkg_postinst() {
_fixed_in_pvr=
esac
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
# We are updating an installation where we already informed
# that we are mitigating HTTPoxy per default
_has_to_show_httpoxy_mitigation_notice=0
@@ -949,7 +949,7 @@ pkg_postinst() {
# All branches up to 1.11 are affected
local _need_to_fix_CVE2016_1247=1
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
# Updating from <1.10
_has_to_adjust_permissions=1
debug-print "Need to adjust permissions to fix CVE-2016-1247!"
@@ -972,7 +972,7 @@ pkg_postinst() {
_fixed_in_pvr=
esac
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
# We are updating an installation which should already be adjusted
# or which was never affected
_need_to_fix_CVE2016_1247=0
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-02-21 2:17 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-02-21 2:17 UTC (permalink / raw
To: gentoo-commits
commit: 5da9587cb267b3a380eebf531c89d023849691ea
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 00:56:38 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 02:17:16 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5da9587c
www-servers/nginx: bump to v1.19.7 mainline
- nginScript module bumped to v0.5.1
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.19.7.ebuild | 1090 +++++++++++++++++++++++++++++++++
2 files changed, 1092 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6d2d5db024d..f8250017165 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,6 +5,7 @@ DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07b
DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be666705e6c5e0034fcf5e43bb0832f036d5230c5b0e8cd4fdbbf80466a9539ed42a84fc7bc9b4a43cb3a5aa60c SHA512 081fdf691d4c4d59391a668f36b4d8b030087c70d4d5e0bc568d41bd7f473b9c1ebbc09ec52d4e7cc68aa9545737e3dac6e653b00dfb1366a063f6463cc30f3f
DIST nginx-1.19.5.tar.gz 1055590 BLAKE2B dc838848829553205886f1d538009ecccfd4b0d45bae3268e40eaad6ff1cfd4c4b8f4f93bfcd241e1e17d81c3276298dc047e08f1edabe0a8c941752689c1bb9 SHA512 169bdbbea82127b83c51e818df3dc9056070f0cc56d10257aa7fa7bd6aedc7b70fdfe236ac06bd6442ff4990b36132b054d2654de51a9fe86a19e7cb63edf05c
DIST nginx-1.19.6.tar.gz 1055982 BLAKE2B 6d818122b3bdf46b6c9ecb83a00d470b3db0f26f05140340c033d1d0851d679d077ce1853f8d0a1c0140bfdac2764e5702913e87149dccefda2c6f7bf8ac8845 SHA512 1249c56b124a8de71f5d722e53d599f3b0cb14dc0f95b1eb905a6a8019b2d33f8e76874de2a88d49c4c82ee4fa7aabd42e5044a0a110892c23b50f71cb632148
+DIST nginx-1.19.7.tar.gz 1056631 BLAKE2B f7a62a2b7c1a8c91a01e54954323cddc7a948ab5b65f51594549b8b67e50ea954c4cd5b740f538472c6de7c4041b39b22a48beac37083900e6f0a015408316bc SHA512 660f03533581f350bbfe9a519fd0ee59c543c78be98aa5287df20a89653545b29fc98282548eab1741fb1d5c26da140166b6712ee06e498ba518019588f9b747
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -31,3 +32,4 @@ DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b
DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
DIST njs-0.4.4.tar.gz 486870 BLAKE2B 9390bfe35249ea34b9edd4b7c2360a25c9ecb232e10f35a2324fd8586f5f74e2083d5bd7481c084065d0651ba4fed56958bc2cd1f002d12622238ebc81b9f7c5 SHA512 1bf88d23f99532bb32e96de79e49cc27b60d6231207eb06ea2f6a6884d725f7bbe7b426664aa4c872f7c40549f81489c04c2ae4a7ddd2d03c8cf1d66b9c62c78
DIST njs-0.5.0.tar.gz 505568 BLAKE2B 5dc2a91bffa4eb2364d96e26def0959b111cc8bf88841f581e3c0d43fcb88ba1ea24b24339cb1f51b8290c08dd930dc18a274a7ab6a21ee4ba8b0e6c4f5a1ba0 SHA512 182a64ba519b1a1d29ac71ffe2c9ef8e5a6f9aaf3db9f327ac926114db73b339a424801b558068fc7ae06ae88a4dea0a601c749db4b6f2b579e427181e41d11b
+DIST njs-0.5.1.tar.gz 516345 BLAKE2B b861ff1e62eddeb8aabf6908253dba1393a32a04636a082dee979a52d320a7ecb12f961213652886a210ee9569460a3214d823cb5f7c3b025378b7cf6d64659f SHA512 bbc06e57a152a5dc5c71305a4bec80d6d3d6f886a82d6c39d82aa8f52add56029b7f38199f11789648539bcbba2a488dc6e64874fef0222479775708559f4da9
diff --git a/www-servers/nginx/nginx-1.19.7.ebuild b/www-servers/nginx/nginx-1.19.7.ebuild
new file mode 100644
index 00000000000..9b3d0583c9e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.7.ebuild
@@ -0,0 +1,1090 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-03-09 18:46 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-03-09 18:46 UTC (permalink / raw
To: gentoo-commits
commit: 9cb09a58456042cd97912344fd2ef219ac7fbd5b
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 9 18:45:18 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 9 18:45:18 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cb09a58
www-servers/nginx: bump to v1.19.8 mainline
- nginScript module bumped to v0.5.2
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.19.8.ebuild | 1090 +++++++++++++++++++++++++++++++++
2 files changed, 1092 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f8250017165..cfe278aa643 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,6 +6,7 @@ DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be
DIST nginx-1.19.5.tar.gz 1055590 BLAKE2B dc838848829553205886f1d538009ecccfd4b0d45bae3268e40eaad6ff1cfd4c4b8f4f93bfcd241e1e17d81c3276298dc047e08f1edabe0a8c941752689c1bb9 SHA512 169bdbbea82127b83c51e818df3dc9056070f0cc56d10257aa7fa7bd6aedc7b70fdfe236ac06bd6442ff4990b36132b054d2654de51a9fe86a19e7cb63edf05c
DIST nginx-1.19.6.tar.gz 1055982 BLAKE2B 6d818122b3bdf46b6c9ecb83a00d470b3db0f26f05140340c033d1d0851d679d077ce1853f8d0a1c0140bfdac2764e5702913e87149dccefda2c6f7bf8ac8845 SHA512 1249c56b124a8de71f5d722e53d599f3b0cb14dc0f95b1eb905a6a8019b2d33f8e76874de2a88d49c4c82ee4fa7aabd42e5044a0a110892c23b50f71cb632148
DIST nginx-1.19.7.tar.gz 1056631 BLAKE2B f7a62a2b7c1a8c91a01e54954323cddc7a948ab5b65f51594549b8b67e50ea954c4cd5b740f538472c6de7c4041b39b22a48beac37083900e6f0a015408316bc SHA512 660f03533581f350bbfe9a519fd0ee59c543c78be98aa5287df20a89653545b29fc98282548eab1741fb1d5c26da140166b6712ee06e498ba518019588f9b747
+DIST nginx-1.19.8.tar.gz 1060155 BLAKE2B c540cfb86886ad60beefcaffa7c9ad4f79807bdff3fed9f6c2f23d38d46aaba4f0489ada289f14881f206de290a37b58934254e9690a707ac639204602530218 SHA512 da548dc459f7a921e2f6ea54f543496244e820acbdf3effc4db331717f69b710181fbfdac3be101cd7d1c39e3ca37a94f9a9c4017f11da843ed85a34acf26bc2
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -33,3 +34,4 @@ DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac887
DIST njs-0.4.4.tar.gz 486870 BLAKE2B 9390bfe35249ea34b9edd4b7c2360a25c9ecb232e10f35a2324fd8586f5f74e2083d5bd7481c084065d0651ba4fed56958bc2cd1f002d12622238ebc81b9f7c5 SHA512 1bf88d23f99532bb32e96de79e49cc27b60d6231207eb06ea2f6a6884d725f7bbe7b426664aa4c872f7c40549f81489c04c2ae4a7ddd2d03c8cf1d66b9c62c78
DIST njs-0.5.0.tar.gz 505568 BLAKE2B 5dc2a91bffa4eb2364d96e26def0959b111cc8bf88841f581e3c0d43fcb88ba1ea24b24339cb1f51b8290c08dd930dc18a274a7ab6a21ee4ba8b0e6c4f5a1ba0 SHA512 182a64ba519b1a1d29ac71ffe2c9ef8e5a6f9aaf3db9f327ac926114db73b339a424801b558068fc7ae06ae88a4dea0a601c749db4b6f2b579e427181e41d11b
DIST njs-0.5.1.tar.gz 516345 BLAKE2B b861ff1e62eddeb8aabf6908253dba1393a32a04636a082dee979a52d320a7ecb12f961213652886a210ee9569460a3214d823cb5f7c3b025378b7cf6d64659f SHA512 bbc06e57a152a5dc5c71305a4bec80d6d3d6f886a82d6c39d82aa8f52add56029b7f38199f11789648539bcbba2a488dc6e64874fef0222479775708559f4da9
+DIST njs-0.5.2.tar.gz 519331 BLAKE2B d2315ce563650a3985c1e40e3fcf17cdd69de5379f4213674db39bb2c7fb3f62df710e3bfccc0391e4bba2c19362f69d6574b4691e858c60af398c1131e3b79a SHA512 47ac82edd63059a38753371deafb5efe8e1c71f2533f1bf78e8ed56d6e7bfea801cb4a1213597bd73fc3e51263b394750efa29c5f1f3581c62f99c935fdfec99
diff --git a/www-servers/nginx/nginx-1.19.8.ebuild b/www-servers/nginx/nginx-1.19.8.ebuild
new file mode 100644
index 00000000000..ef29be90f4d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.8.ebuild
@@ -0,0 +1,1090 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-03-30 17:45 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-03-30 17:45 UTC (permalink / raw
To: gentoo-commits
commit: e202e2b0086f8aace8d5699dc8046cf814c205e0
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 30 17:44:38 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 30 17:45:12 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e202e2b0
www-servers/nginx: bump to v1.19.9 mainline
- nginScript module bumped to v0.5.3
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.19.9.ebuild | 1090 +++++++++++++++++++++++++++++++++
2 files changed, 1092 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index cfe278aa643..7aec1428e51 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -7,6 +7,7 @@ DIST nginx-1.19.5.tar.gz 1055590 BLAKE2B dc838848829553205886f1d538009ecccfd4b0d
DIST nginx-1.19.6.tar.gz 1055982 BLAKE2B 6d818122b3bdf46b6c9ecb83a00d470b3db0f26f05140340c033d1d0851d679d077ce1853f8d0a1c0140bfdac2764e5702913e87149dccefda2c6f7bf8ac8845 SHA512 1249c56b124a8de71f5d722e53d599f3b0cb14dc0f95b1eb905a6a8019b2d33f8e76874de2a88d49c4c82ee4fa7aabd42e5044a0a110892c23b50f71cb632148
DIST nginx-1.19.7.tar.gz 1056631 BLAKE2B f7a62a2b7c1a8c91a01e54954323cddc7a948ab5b65f51594549b8b67e50ea954c4cd5b740f538472c6de7c4041b39b22a48beac37083900e6f0a015408316bc SHA512 660f03533581f350bbfe9a519fd0ee59c543c78be98aa5287df20a89653545b29fc98282548eab1741fb1d5c26da140166b6712ee06e498ba518019588f9b747
DIST nginx-1.19.8.tar.gz 1060155 BLAKE2B c540cfb86886ad60beefcaffa7c9ad4f79807bdff3fed9f6c2f23d38d46aaba4f0489ada289f14881f206de290a37b58934254e9690a707ac639204602530218 SHA512 da548dc459f7a921e2f6ea54f543496244e820acbdf3effc4db331717f69b710181fbfdac3be101cd7d1c39e3ca37a94f9a9c4017f11da843ed85a34acf26bc2
+DIST nginx-1.19.9.tar.gz 1060580 BLAKE2B 896f58de8051dcf76fc65b9e8263099e7d4c797832b5f9c354fe2440ff4a3155c0d9139a4022e4d828d17f11259be6853b264e22e43a986d249b5dc53a075d35 SHA512 a418aa22046f641afd95ee661c77c469d21c9957aa5ab74c4186526fcd18e0d701ee933a76ab143081b4b3f8815484074c2609aa257646218bf6b4b739b3cb88
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -35,3 +36,4 @@ DIST njs-0.4.4.tar.gz 486870 BLAKE2B 9390bfe35249ea34b9edd4b7c2360a25c9ecb232e10
DIST njs-0.5.0.tar.gz 505568 BLAKE2B 5dc2a91bffa4eb2364d96e26def0959b111cc8bf88841f581e3c0d43fcb88ba1ea24b24339cb1f51b8290c08dd930dc18a274a7ab6a21ee4ba8b0e6c4f5a1ba0 SHA512 182a64ba519b1a1d29ac71ffe2c9ef8e5a6f9aaf3db9f327ac926114db73b339a424801b558068fc7ae06ae88a4dea0a601c749db4b6f2b579e427181e41d11b
DIST njs-0.5.1.tar.gz 516345 BLAKE2B b861ff1e62eddeb8aabf6908253dba1393a32a04636a082dee979a52d320a7ecb12f961213652886a210ee9569460a3214d823cb5f7c3b025378b7cf6d64659f SHA512 bbc06e57a152a5dc5c71305a4bec80d6d3d6f886a82d6c39d82aa8f52add56029b7f38199f11789648539bcbba2a488dc6e64874fef0222479775708559f4da9
DIST njs-0.5.2.tar.gz 519331 BLAKE2B d2315ce563650a3985c1e40e3fcf17cdd69de5379f4213674db39bb2c7fb3f62df710e3bfccc0391e4bba2c19362f69d6574b4691e858c60af398c1131e3b79a SHA512 47ac82edd63059a38753371deafb5efe8e1c71f2533f1bf78e8ed56d6e7bfea801cb4a1213597bd73fc3e51263b394750efa29c5f1f3581c62f99c935fdfec99
+DIST njs-0.5.3.tar.gz 519938 BLAKE2B 1d06f8a20f6c37977e3b4b9afa0f136761a6998b85739a9853bb41d70ea6af42f49541035961fd0251eda2e10579f7bf983eaec2f9e19460138e53f44b9e6788 SHA512 b1d2e7498c37cc1df18e0f65866391637bf75d3d251fc7d7ad1ef5c76457697f49eaea088e1d157c94a6e779e9b8cc07b3f5aaac965666624506f517f6878c23
diff --git a/www-servers/nginx/nginx-1.19.9.ebuild b/www-servers/nginx/nginx-1.19.9.ebuild
new file mode 100644
index 00000000000..951ed700dca
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.9.ebuild
@@ -0,0 +1,1090 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-04-05 13:45 Mike Gilbert
0 siblings, 0 replies; 277+ messages in thread
From: Mike Gilbert @ 2021-04-05 13:45 UTC (permalink / raw
To: gentoo-commits
commit: a5bdde32593614254a4946990cf350dc50e2407c
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 5 01:50:05 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 5 13:45:06 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5bdde32
www-servers/nginx: avoid using EROOT in src_configure
For EAPI 7, use ESYSROOT since these paths are used to locate
headers and libraries to build against.
For older EAPIs, approximate ESYSROOT as "${SYSROOT}${EPREFIX}".
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
www-servers/nginx/nginx-1.18.0-r2.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.2-r1.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.3.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.4.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.5-r1.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.5.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.6-r100.ebuild | 4 ++--
www-servers/nginx/nginx-1.19.6.ebuild | 6 +++---
www-servers/nginx/nginx-1.19.7.ebuild | 4 ++--
www-servers/nginx/nginx-1.19.8.ebuild | 4 ++--
www-servers/nginx/nginx-1.19.9.ebuild | 4 ++--
11 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/www-servers/nginx/nginx-1.18.0-r2.ebuild b/www-servers/nginx/nginx-1.18.0-r2.ebuild
index c4aa1254fc9..b8b349e004f 100644
--- a/www-servers/nginx/nginx-1.18.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.18.0-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.2-r1.ebuild b/www-servers/nginx/nginx-1.19.2-r1.ebuild
index a23f3375b04..d47ca62ec2e 100644
--- a/www-servers/nginx/nginx-1.19.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.19.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.3.ebuild b/www-servers/nginx/nginx-1.19.3.ebuild
index 2f271e65ba7..ce32ad30570 100644
--- a/www-servers/nginx/nginx-1.19.3.ebuild
+++ b/www-servers/nginx/nginx-1.19.3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.4.ebuild b/www-servers/nginx/nginx-1.19.4.ebuild
index 2f271e65ba7..ce32ad30570 100644
--- a/www-servers/nginx/nginx-1.19.4.ebuild
+++ b/www-servers/nginx/nginx-1.19.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.5-r1.ebuild b/www-servers/nginx/nginx-1.19.5-r1.ebuild
index 46d444142cc..6faad622548 100644
--- a/www-servers/nginx/nginx-1.19.5-r1.ebuild
+++ b/www-servers/nginx/nginx-1.19.5-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.5.ebuild b/www-servers/nginx/nginx-1.19.5.ebuild
index 2f271e65ba7..ce32ad30570 100644
--- a/www-servers/nginx/nginx-1.19.5.ebuild
+++ b/www-servers/nginx/nginx-1.19.5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.6-r100.ebuild b/www-servers/nginx/nginx-1.19.6-r100.ebuild
index 60f48de8f52..9b9833f08b8 100644
--- a/www-servers/nginx/nginx-1.19.6-r100.ebuild
+++ b/www-servers/nginx/nginx-1.19.6-r100.ebuild
@@ -683,8 +683,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.6.ebuild b/www-servers/nginx/nginx-1.19.6.ebuild
index 46d444142cc..6faad622548 100644
--- a/www-servers/nginx/nginx-1.19.6.ebuild
+++ b/www-servers/nginx/nginx-1.19.6.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@@ -680,8 +680,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+ --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.7.ebuild b/www-servers/nginx/nginx-1.19.7.ebuild
index 9b3d0583c9e..719ca29bc30 100644
--- a/www-servers/nginx/nginx-1.19.7.ebuild
+++ b/www-servers/nginx/nginx-1.19.7.ebuild
@@ -683,8 +683,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.8.ebuild b/www-servers/nginx/nginx-1.19.8.ebuild
index ef29be90f4d..2b46bcc6508 100644
--- a/www-servers/nginx/nginx-1.19.8.ebuild
+++ b/www-servers/nginx/nginx-1.19.8.ebuild
@@ -683,8 +683,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
diff --git a/www-servers/nginx/nginx-1.19.9.ebuild b/www-servers/nginx/nginx-1.19.9.ebuild
index 951ed700dca..11e748bc8c2 100644
--- a/www-servers/nginx/nginx-1.19.9.ebuild
+++ b/www-servers/nginx/nginx-1.19.9.ebuild
@@ -683,8 +683,8 @@ src_configure() {
--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
--pid-path="${EPREFIX}"/run/${PN}.pid \
--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${EROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${EROOT}/usr/$(get_libdir)" \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-04-13 18:16 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-04-13 18:16 UTC (permalink / raw
To: gentoo-commits
commit: 99c1d74f7ed57b0047836e8c91cf8b238eeaef7e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 13 18:16:18 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 13 18:16:18 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99c1d74f
www-servers/nginx: drop old
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 11 -
www-servers/nginx/nginx-1.19.2-r1.ebuild | 1087 ---------------------------
www-servers/nginx/nginx-1.19.3.ebuild | 1087 ---------------------------
www-servers/nginx/nginx-1.19.4.ebuild | 1087 ---------------------------
www-servers/nginx/nginx-1.19.5-r1.ebuild | 1087 ---------------------------
www-servers/nginx/nginx-1.19.5.ebuild | 1087 ---------------------------
www-servers/nginx/nginx-1.19.6-r100.ebuild | 1090 ----------------------------
www-servers/nginx/nginx-1.19.6.ebuild | 1087 ---------------------------
www-servers/nginx/nginx-1.19.7.ebuild | 1090 ----------------------------
www-servers/nginx/nginx-1.19.8.ebuild | 1090 ----------------------------
10 files changed, 9803 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f33f6e8a522..6dd748e1dc0 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,13 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-1.19.10.tar.gz 1061062 BLAKE2B e6ba3023f34235ef3fc54cdaeda6ba357cab2f8bc3d639c218a87ba5ce3d5650d9f2356cc5fef5ce84db8977f5d46057d83c2730a9239b5759cbef665813872d SHA512 aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea
-DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
-DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07ba20a0f8b665c29c02b53568bbb0b79a7e583f3a7e7b23ff51cb01b1694eee9a178f7f26ce70f96312655a2b59 SHA512 337fbbb562d1577a2a219bd132c82098a06a49f1ce40ced905fdf255238c4f70dd1f889ec8ae971a4fe5e753f98a356cadc9c766bc089f817d711b12143efcc8
-DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be666705e6c5e0034fcf5e43bb0832f036d5230c5b0e8cd4fdbbf80466a9539ed42a84fc7bc9b4a43cb3a5aa60c SHA512 081fdf691d4c4d59391a668f36b4d8b030087c70d4d5e0bc568d41bd7f473b9c1ebbc09ec52d4e7cc68aa9545737e3dac6e653b00dfb1366a063f6463cc30f3f
-DIST nginx-1.19.5.tar.gz 1055590 BLAKE2B dc838848829553205886f1d538009ecccfd4b0d45bae3268e40eaad6ff1cfd4c4b8f4f93bfcd241e1e17d81c3276298dc047e08f1edabe0a8c941752689c1bb9 SHA512 169bdbbea82127b83c51e818df3dc9056070f0cc56d10257aa7fa7bd6aedc7b70fdfe236ac06bd6442ff4990b36132b054d2654de51a9fe86a19e7cb63edf05c
-DIST nginx-1.19.6.tar.gz 1055982 BLAKE2B 6d818122b3bdf46b6c9ecb83a00d470b3db0f26f05140340c033d1d0851d679d077ce1853f8d0a1c0140bfdac2764e5702913e87149dccefda2c6f7bf8ac8845 SHA512 1249c56b124a8de71f5d722e53d599f3b0cb14dc0f95b1eb905a6a8019b2d33f8e76874de2a88d49c4c82ee4fa7aabd42e5044a0a110892c23b50f71cb632148
-DIST nginx-1.19.7.tar.gz 1056631 BLAKE2B f7a62a2b7c1a8c91a01e54954323cddc7a948ab5b65f51594549b8b67e50ea954c4cd5b740f538472c6de7c4041b39b22a48beac37083900e6f0a015408316bc SHA512 660f03533581f350bbfe9a519fd0ee59c543c78be98aa5287df20a89653545b29fc98282548eab1741fb1d5c26da140166b6712ee06e498ba518019588f9b747
-DIST nginx-1.19.8.tar.gz 1060155 BLAKE2B c540cfb86886ad60beefcaffa7c9ad4f79807bdff3fed9f6c2f23d38d46aaba4f0489ada289f14881f206de290a37b58934254e9690a707ac639204602530218 SHA512 da548dc459f7a921e2f6ea54f543496244e820acbdf3effc4db331717f69b710181fbfdac3be101cd7d1c39e3ca37a94f9a9c4017f11da843ed85a34acf26bc2
DIST nginx-1.19.9.tar.gz 1060580 BLAKE2B 896f58de8051dcf76fc65b9e8263099e7d4c797832b5f9c354fe2440ff4a3155c0d9139a4022e4d828d17f11259be6853b264e22e43a986d249b5dc53a075d35 SHA512 a418aa22046f641afd95ee661c77c469d21c9957aa5ab74c4186526fcd18e0d701ee933a76ab143081b4b3f8815484074c2609aa257646218bf6b4b739b3cb88
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -33,8 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
-DIST njs-0.4.4.tar.gz 486870 BLAKE2B 9390bfe35249ea34b9edd4b7c2360a25c9ecb232e10f35a2324fd8586f5f74e2083d5bd7481c084065d0651ba4fed56958bc2cd1f002d12622238ebc81b9f7c5 SHA512 1bf88d23f99532bb32e96de79e49cc27b60d6231207eb06ea2f6a6884d725f7bbe7b426664aa4c872f7c40549f81489c04c2ae4a7ddd2d03c8cf1d66b9c62c78
-DIST njs-0.5.0.tar.gz 505568 BLAKE2B 5dc2a91bffa4eb2364d96e26def0959b111cc8bf88841f581e3c0d43fcb88ba1ea24b24339cb1f51b8290c08dd930dc18a274a7ab6a21ee4ba8b0e6c4f5a1ba0 SHA512 182a64ba519b1a1d29ac71ffe2c9ef8e5a6f9aaf3db9f327ac926114db73b339a424801b558068fc7ae06ae88a4dea0a601c749db4b6f2b579e427181e41d11b
-DIST njs-0.5.1.tar.gz 516345 BLAKE2B b861ff1e62eddeb8aabf6908253dba1393a32a04636a082dee979a52d320a7ecb12f961213652886a210ee9569460a3214d823cb5f7c3b025378b7cf6d64659f SHA512 bbc06e57a152a5dc5c71305a4bec80d6d3d6f886a82d6c39d82aa8f52add56029b7f38199f11789648539bcbba2a488dc6e64874fef0222479775708559f4da9
-DIST njs-0.5.2.tar.gz 519331 BLAKE2B d2315ce563650a3985c1e40e3fcf17cdd69de5379f4213674db39bb2c7fb3f62df710e3bfccc0391e4bba2c19362f69d6574b4691e858c60af398c1131e3b79a SHA512 47ac82edd63059a38753371deafb5efe8e1c71f2533f1bf78e8ed56d6e7bfea801cb4a1213597bd73fc3e51263b394750efa29c5f1f3581c62f99c935fdfec99
DIST njs-0.5.3.tar.gz 519938 BLAKE2B 1d06f8a20f6c37977e3b4b9afa0f136761a6998b85739a9853bb41d70ea6af42f49541035961fd0251eda2e10579f7bf983eaec2f9e19460138e53f44b9e6788 SHA512 b1d2e7498c37cc1df18e0f65866391637bf75d3d251fc7d7ad1ef5c76457697f49eaea088e1d157c94a6e779e9b8cc07b3f5aaac965666624506f517f6878c23
diff --git a/www-servers/nginx/nginx-1.19.2-r1.ebuild b/www-servers/nginx/nginx-1.19.2-r1.ebuild
deleted file mode 100644
index d47ca62ec2e..00000000000
--- a/www-servers/nginx/nginx-1.19.2-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.3.ebuild b/www-servers/nginx/nginx-1.19.3.ebuild
deleted file mode 100644
index ce32ad30570..00000000000
--- a/www-servers/nginx/nginx-1.19.3.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.4.ebuild b/www-servers/nginx/nginx-1.19.4.ebuild
deleted file mode 100644
index ce32ad30570..00000000000
--- a/www-servers/nginx/nginx-1.19.4.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.5-r1.ebuild b/www-servers/nginx/nginx-1.19.5-r1.ebuild
deleted file mode 100644
index 6faad622548..00000000000
--- a/www-servers/nginx/nginx-1.19.5-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.5.ebuild b/www-servers/nginx/nginx-1.19.5.ebuild
deleted file mode 100644
index ce32ad30570..00000000000
--- a/www-servers/nginx/nginx-1.19.5.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.6-r100.ebuild b/www-servers/nginx/nginx-1.19.6-r100.ebuild
deleted file mode 100644
index 9b9833f08b8..00000000000
--- a/www-servers/nginx/nginx-1.19.6-r100.ebuild
+++ /dev/null
@@ -1,1090 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.6.ebuild b/www-servers/nginx/nginx-1.19.6.ebuild
deleted file mode 100644
index 6faad622548..00000000000
--- a/www-servers/nginx/nginx-1.19.6.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
- export LUAJIT_INC=$(pkg-config --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.7.ebuild b/www-servers/nginx/nginx-1.19.7.ebuild
deleted file mode 100644
index 719ca29bc30..00000000000
--- a/www-servers/nginx/nginx-1.19.7.ebuild
+++ /dev/null
@@ -1,1090 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.8.ebuild b/www-servers/nginx/nginx-1.19.8.ebuild
deleted file mode 100644
index 2b46bcc6508..00000000000
--- a/www-servers/nginx/nginx-1.19.8.ebuild
+++ /dev/null
@@ -1,1090 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
- )
- http-cache? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-04-13 18:16 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-04-13 18:16 UTC (permalink / raw
To: gentoo-commits
commit: c057056cb7bfe7816d027b099bb6c25bd796c024
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 13 18:15:20 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 13 18:15:20 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c057056c
www-servers/nginx: bump to v1.19.10
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.19.10.ebuild | 1090 ++++++++++++++++++++++++++++++++
2 files changed, 1091 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 7aec1428e51..f33f6e8a522 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
+DIST nginx-1.19.10.tar.gz 1061062 BLAKE2B e6ba3023f34235ef3fc54cdaeda6ba357cab2f8bc3d639c218a87ba5ce3d5650d9f2356cc5fef5ce84db8977f5d46057d83c2730a9239b5759cbef665813872d SHA512 aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea
DIST nginx-1.19.2.tar.gz 1048727 BLAKE2B db00b5945ed82fe90059269ba987931642981a2b8fa1cb24e0d842b97d89857993f99443c644d9217af29430b868ee8efd90dbc5daefd719d0f98c0766601554 SHA512 f6232d58a91db486cf36cc027ab84f04ad25aeafe586051043f0f3295dad5f475094f7cedad142ef0f56ff15a0971d700d6ec34b68697c462364650c49be8fcc
DIST nginx-1.19.3.tar.gz 1052581 BLAKE2B 96cbbb4224ca8fcddc67b8fd025acdb31b1a07ba20a0f8b665c29c02b53568bbb0b79a7e583f3a7e7b23ff51cb01b1694eee9a178f7f26ce70f96312655a2b59 SHA512 337fbbb562d1577a2a219bd132c82098a06a49f1ce40ced905fdf255238c4f70dd1f889ec8ae971a4fe5e753f98a356cadc9c766bc089f817d711b12143efcc8
DIST nginx-1.19.4.tar.gz 1054974 BLAKE2B 7f6cff700fe4816d724abef427775525956f1be666705e6c5e0034fcf5e43bb0832f036d5230c5b0e8cd4fdbbf80466a9539ed42a84fc7bc9b4a43cb3a5aa60c SHA512 081fdf691d4c4d59391a668f36b4d8b030087c70d4d5e0bc568d41bd7f473b9c1ebbc09ec52d4e7cc68aa9545737e3dac6e653b00dfb1366a063f6463cc30f3f
diff --git a/www-servers/nginx/nginx-1.19.10.ebuild b/www-servers/nginx/nginx-1.19.10.ebuild
new file mode 100644
index 00000000000..11e748bc8c2
--- /dev/null
+++ b/www-servers/nginx/nginx-1.19.10.ebuild
@@ -0,0 +1,1090 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http2? (
+ !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ http-cache? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-05-02 9:54 Mikle Kolyada
0 siblings, 0 replies; 277+ messages in thread
From: Mikle Kolyada @ 2021-05-02 9:54 UTC (permalink / raw
To: gentoo-commits
commit: af97063e8d0c5a2530d0a3e834383985d461b8e1
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun May 2 09:54:19 2021 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun May 2 09:54:41 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af97063e
www-servers/nginx: remove libressl support
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
www-servers/nginx/nginx-1.18.0-r2.ebuild | 14 +++++---------
www-servers/nginx/nginx-1.19.10.ebuild | 14 +++++---------
www-servers/nginx/nginx-1.19.9.ebuild | 14 +++++---------
3 files changed, 15 insertions(+), 27 deletions(-)
diff --git a/www-servers/nginx/nginx-1.18.0-r2.ebuild b/www-servers/nginx/nginx-1.18.0-r2.ebuild
index b8b349e004f..e96a7738bc6 100644
--- a/www-servers/nginx/nginx-1.18.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.18.0-r2.ebuild
@@ -246,7 +246,7 @@ NGINX_MODULES_3RD="
stream_javascript
"
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic luajit +pcre
pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
for mod in $NGINX_MODULES_STD; do
@@ -281,17 +281,14 @@ CDEPEND="
pcre? ( dev-libs/libpcre:= )
pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
+ >=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
@@ -305,8 +302,7 @@ CDEPEND="
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
)
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
diff --git a/www-servers/nginx/nginx-1.19.10.ebuild b/www-servers/nginx/nginx-1.19.10.ebuild
index 11e748bc8c2..1cdf07062df 100644
--- a/www-servers/nginx/nginx-1.19.10.ebuild
+++ b/www-servers/nginx/nginx-1.19.10.ebuild
@@ -247,7 +247,7 @@ NGINX_MODULES_3RD="
stream_javascript
"
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
for mod in $NGINX_MODULES_STD; do
@@ -282,17 +282,14 @@ CDEPEND="
pcre? ( dev-libs/libpcre:= )
pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
+ >=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
@@ -306,8 +303,7 @@ CDEPEND="
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
)
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
diff --git a/www-servers/nginx/nginx-1.19.9.ebuild b/www-servers/nginx/nginx-1.19.9.ebuild
index 11e748bc8c2..1cdf07062df 100644
--- a/www-servers/nginx/nginx-1.19.9.ebuild
+++ b/www-servers/nginx/nginx-1.19.9.ebuild
@@ -247,7 +247,7 @@ NGINX_MODULES_3RD="
stream_javascript
"
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl +pcre
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
for mod in $NGINX_MODULES_STD; do
@@ -282,17 +282,14 @@ CDEPEND="
pcre? ( dev-libs/libpcre:= )
pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
http2? (
- !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
- libressl? ( dev-libs/libressl:= )
+ >=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
@@ -306,8 +303,7 @@ CDEPEND="
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
nginx_modules_http_secure_link? (
userland_GNU? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
+ dev-libs/openssl:0=
)
)
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-05-26 15:56 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-05-26 15:56 UTC (permalink / raw
To: gentoo-commits
commit: 2efee16240a9bae3f37be3e948c56e03a010b8a3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed May 26 15:53:50 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed May 26 15:53:50 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2efee162
www-servers/nginx: bump to v1.20.1
Bug: https://bugs.gentoo.org/792087
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.20.1.ebuild | 1086 +++++++++++++++++++++++++++++++++
2 files changed, 1087 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6dd748e1dc0..e74c2e6dbf3 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
DIST nginx-1.19.10.tar.gz 1061062 BLAKE2B e6ba3023f34235ef3fc54cdaeda6ba357cab2f8bc3d639c218a87ba5ce3d5650d9f2356cc5fef5ce84db8977f5d46057d83c2730a9239b5759cbef665813872d SHA512 aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea
DIST nginx-1.19.9.tar.gz 1060580 BLAKE2B 896f58de8051dcf76fc65b9e8263099e7d4c797832b5f9c354fe2440ff4a3155c0d9139a4022e4d828d17f11259be6853b264e22e43a986d249b5dc53a075d35 SHA512 a418aa22046f641afd95ee661c77c469d21c9957aa5ab74c4186526fcd18e0d701ee933a76ab143081b4b3f8815484074c2609aa257646218bf6b4b739b3cb88
+DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.20.1.ebuild b/www-servers/nginx/nginx-1.20.1.ebuild
new file mode 100644
index 00000000000..99adabe7825
--- /dev/null
+++ b/www-servers/nginx/nginx-1.20.1.ebuild
@@ -0,0 +1,1086 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-05-26 15:56 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-05-26 15:56 UTC (permalink / raw
To: gentoo-commits
commit: 0bde26175a72fac9a2b93ec2d291440116bf3a95
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed May 26 15:55:11 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed May 26 15:55:11 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bde2617
www-servers/nginx: bump to v1.21.0 mainline
Bug: https://bugs.gentoo.org/792087
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.21.0.ebuild | 1086 +++++++++++++++++++++++++++++++++
2 files changed, 1087 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e74c2e6dbf3..9fb1e65ef15 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c4
DIST nginx-1.19.10.tar.gz 1061062 BLAKE2B e6ba3023f34235ef3fc54cdaeda6ba357cab2f8bc3d639c218a87ba5ce3d5650d9f2356cc5fef5ce84db8977f5d46057d83c2730a9239b5759cbef665813872d SHA512 aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea
DIST nginx-1.19.9.tar.gz 1060580 BLAKE2B 896f58de8051dcf76fc65b9e8263099e7d4c797832b5f9c354fe2440ff4a3155c0d9139a4022e4d828d17f11259be6853b264e22e43a986d249b5dc53a075d35 SHA512 a418aa22046f641afd95ee661c77c469d21c9957aa5ab74c4186526fcd18e0d701ee933a76ab143081b4b3f8815484074c2609aa257646218bf6b4b739b3cb88
DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
+DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.21.0.ebuild b/www-servers/nginx/nginx-1.21.0.ebuild
new file mode 100644
index 00000000000..1cdf07062df
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.0.ebuild
@@ -0,0 +1,1086 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.5.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-05-26 17:38 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-05-26 17:38 UTC (permalink / raw
To: gentoo-commits
commit: d8e0466a52aa7385a9e9bac3e07a49f374629339
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed May 26 17:38:20 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed May 26 17:38:29 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e0466a
www-servers/nginx: x86 stable (bug #792087)
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/nginx-1.20.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.20.1.ebuild b/www-servers/nginx/nginx-1.20.1.ebuild
index 99adabe7825..f90b788182b 100644
--- a/www-servers/nginx/nginx-1.20.1.ebuild
+++ b/www-servers/nginx/nginx-1.20.1.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-05-27 6:55 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2021-05-27 6:55 UTC (permalink / raw
To: gentoo-commits
commit: 0eccab5e79a8ef26c2de43559c8796701d7c4429
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu May 27 06:55:15 2021 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu May 27 06:55:15 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0eccab5e
www-servers/nginx: amd64 stable wrt bug #792087
Package-Manager: Portage-3.0.13, Repoman-3.0.2
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.20.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.20.1.ebuild b/www-servers/nginx/nginx-1.20.1.ebuild
index f90b788182b..54418761425 100644
--- a/www-servers/nginx/nginx-1.20.1.ebuild
+++ b/www-servers/nginx/nginx-1.20.1.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-05-28 9:01 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-05-28 9:01 UTC (permalink / raw
To: gentoo-commits
commit: 1756c525a1ce5b99bdd3fe7c0d847674486942cc
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 28 09:01:07 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 28 09:01:07 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1756c525
www-servers/nginx: security cleanup
Bug: https://bugs.gentoo.org/792087
Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 5 -
www-servers/nginx/metadata.xml | 1 -
www-servers/nginx/nginx-1.18.0-r2.ebuild | 1084 -----------------------------
www-servers/nginx/nginx-1.19.10.ebuild | 1086 ------------------------------
www-servers/nginx/nginx-1.19.9.ebuild | 1086 ------------------------------
5 files changed, 3262 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9fb1e65ef15..f3a6570b4ed 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,13 +1,9 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.18.0.tar.gz 1039530 BLAKE2B a8962a6af96acb043ff0c3dc4ad5192083773c449950aff53b01f6f7c46a2a540eb061a43432acccd753fa71067b1451d75f440ba5526575b78608be9d40a50b SHA512 8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb
-DIST nginx-1.19.10.tar.gz 1061062 BLAKE2B e6ba3023f34235ef3fc54cdaeda6ba357cab2f8bc3d639c218a87ba5ce3d5650d9f2356cc5fef5ce84db8977f5d46057d83c2730a9239b5759cbef665813872d SHA512 aa5b6e94d06e450358f105982a64b8498d1872c0e9b6f05b96b5a7057bdccc9b8078a781bc947e7a1c87737b20ec207de822e7992a25875a548a4b3ea3ae8eea
-DIST nginx-1.19.9.tar.gz 1060580 BLAKE2B 896f58de8051dcf76fc65b9e8263099e7d4c797832b5f9c354fe2440ff4a3155c0d9139a4022e4d828d17f11259be6853b264e22e43a986d249b5dc53a075d35 SHA512 a418aa22046f641afd95ee661c77c469d21c9957aa5ab74c4186526fcd18e0d701ee933a76ab143081b4b3f8815484074c2609aa257646218bf6b4b739b3cb88
DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
-DIST ngx_brotli-25f86f0bac1101b6512135eac5f93c49c63609e3.tar.gz 16201 BLAKE2B 2da3ce8a9f29b713da4de4cd60fe22256742ff61e1718346e5246ffa0169d5a2e1babb625b16ac52e3b79431f749adb3ee0170957024953c139aaebc7a496478 SHA512 c6eb026f204e1e6f930ab7ca68cca78054318e05a0dc11d897d3516380dbc4e42e93d40334e3088bf348d4b7b182e87c77473974719e5850a4f97666f9babbd6
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132ac21fcd1720a2843ce598450198e2b7fe902e9ded15a78b66e8a897e811faa872e4e391bf211c795e320c1ccd57607c319 SHA512 b82e401533c44298c41bc9a1caaf3f7850e42da151c06a77a927f817810ebf5ce01c49ca81de42c326345765c784bb55e28fbf0f6a5500626f51e58a216b53c4
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
@@ -27,5 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.4.3.tar.gz 460997 BLAKE2B 373a4aca51ada84d628ae6b6254c9268b4cec4ac8870f81ba43ff693f20148a9ca862038e57a68c22cbff29ea613785e83778cc708cf1b47103e9f950a198289 SHA512 b3b4294817997a06661f00f53d38e0cde08e022f41b3663f9d17a91b343fb944e21184114f09d89995096faee491187c3ae424407f2855ed0670c0cccf928cd7
DIST njs-0.5.3.tar.gz 519938 BLAKE2B 1d06f8a20f6c37977e3b4b9afa0f136761a6998b85739a9853bb41d70ea6af42f49541035961fd0251eda2e10579f7bf983eaec2f9e19460138e53f44b9e6788 SHA512 b1d2e7498c37cc1df18e0f65866391637bf75d3d251fc7d7ad1ef5c76457697f49eaea088e1d157c94a6e779e9b8cc07b3f5aaac965666624506f517f6878c23
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 3958772f3f4..4ba7cfcec3d 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -11,7 +11,6 @@
<flag name="http2">Enable HTTP2 module support</flag>
<flag name="http-cache">Enable HTTP cache support</flag>
<flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
- <flag name="luajit">Use <pkg>dev-lang/luajit</pkg> instead of <pkg>dev-lang/lua</pkg> for lua support when building the lua http module.</flag>
<flag name="pcre-jit">Enable JIT for pcre</flag>
<flag name="ssl">Enable HTTPS module for http. Enable SSL/TLS support for POP3/IMAP/SMTP for mail.</flag>
<flag name="rtmp">NGINX-based Media Streaming Server</flag>
diff --git a/www-servers/nginx/nginx-1.18.0-r2.ebuild b/www-servers/nginx/nginx-1.18.0-r2.ebuild
deleted file mode 100644
index c57e3bd041a..00000000000
--- a/www-servers/nginx/nginx-1.18.0-r2.ebuild
+++ /dev/null
@@ -1,1084 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="25f86f0bac1101b6512135eac5f93c49c63609e3"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.4.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic luajit +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( dev-lang/luajit:2= )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_lua? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- luajit
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use luajit ; then
- sed -i \
- -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$($(tc-getPKG_CONFIG) --variable libdir luajit)
- export LUAJIT_INC=$($(tc-getPKG_CONFIG) --variable includedir luajit)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${SYSROOT}${EPREFIX}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${SYSROOT}${EPREFIX}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D%/}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED%/}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED%/}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED%/}"/run || die
-
- if use luajit; then
- pax-mark m "${ED%/}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.10.ebuild b/www-servers/nginx/nginx-1.19.10.ebuild
deleted file mode 100644
index 1cdf07062df..00000000000
--- a/www-servers/nginx/nginx-1.19.10.ebuild
+++ /dev/null
@@ -1,1086 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.19.9.ebuild b/www-servers/nginx/nginx-1.19.9.ebuild
deleted file mode 100644
index 1cdf07062df..00000000000
--- a/www-servers/nginx/nginx-1.19.9.ebuild
+++ /dev/null
@@ -1,1086 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-06-18 12:39 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-06-18 12:39 UTC (permalink / raw
To: gentoo-commits
commit: 73ddbc5326b72c1e8ed9191964239354bc9174ef
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 18 12:39:22 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 18 12:39:52 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73ddbc53
www-servers/nginx: bump njs to v0.6.0
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.20.1.ebuild => nginx-1.20.1-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.0.ebuild => nginx-1.21.0-r1.ebuild} | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f3a6570b4ed..1b0e6a1011f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -23,4 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.5.3.tar.gz 519938 BLAKE2B 1d06f8a20f6c37977e3b4b9afa0f136761a6998b85739a9853bb41d70ea6af42f49541035961fd0251eda2e10579f7bf983eaec2f9e19460138e53f44b9e6788 SHA512 b1d2e7498c37cc1df18e0f65866391637bf75d3d251fc7d7ad1ef5c76457697f49eaea088e1d157c94a6e779e9b8cc07b3f5aaac965666624506f517f6878c23
+DIST njs-0.6.0.tar.gz 528419 BLAKE2B 7b3c9dd4be8182298cc283e8b19eb4efeef66416d26332ae73dde66b5b67ad980c3e07f12fe0006dfb9710f3df449ac2598bfd1803f6c86d721f48697d975087 SHA512 fa569623fd594e859c535c75041be443ef6329a4ee33d9e0f29eeb56e69ae2f3c44264ccba736b4a97ab0b33700f381acb65a884889d6f644f3fbce7c1bc586e
diff --git a/www-servers/nginx/nginx-1.20.1.ebuild b/www-servers/nginx/nginx-1.20.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.20.1.ebuild
rename to www-servers/nginx/nginx-1.20.1-r1.ebuild
index 54418761425..9bfadd1ec3c 100644
--- a/www-servers/nginx/nginx-1.20.1.ebuild
+++ b/www-servers/nginx/nginx-1.20.1-r1.ebuild
@@ -157,7 +157,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.3"
+NJS_MODULE_PV="0.6.0"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
diff --git a/www-servers/nginx/nginx-1.21.0.ebuild b/www-servers/nginx/nginx-1.21.0-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.0.ebuild
rename to www-servers/nginx/nginx-1.21.0-r1.ebuild
index 1cdf07062df..a452afe9fca 100644
--- a/www-servers/nginx/nginx-1.21.0.ebuild
+++ b/www-servers/nginx/nginx-1.21.0-r1.ebuild
@@ -157,7 +157,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.5.3"
+NJS_MODULE_PV="0.6.0"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-06-25 19:32 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2021-06-25 19:32 UTC (permalink / raw
To: gentoo-commits
commit: 72a0a6c6c685df5270646fc5076955c4ed36a814
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 25 02:05:12 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jun 25 19:31:49 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72a0a6c6
www-servers/nginx: add virtual/libcrypt dependency
Needed for upcoming libxcrypt migration.
Acked-by: David Seifert <soap <AT> gentoo.org>
Reported-by: Alexey Sokolov <alexey+gentoo <AT> asokolov.org>
Reported-by: John Helmert III <ajak <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/{nginx-1.20.1-r1.ebuild => nginx-1.20.1-r2.ebuild} | 1 +
www-servers/nginx/{nginx-1.21.0-r1.ebuild => nginx-1.21.0-r2.ebuild} | 1 +
2 files changed, 2 insertions(+)
diff --git a/www-servers/nginx/nginx-1.20.1-r1.ebuild b/www-servers/nginx/nginx-1.20.1-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.20.1-r1.ebuild
rename to www-servers/nginx/nginx-1.20.1-r2.ebuild
index 9bfadd1ec3c..9153b8279b5 100644
--- a/www-servers/nginx/nginx-1.20.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.20.1-r2.ebuild
@@ -279,6 +279,7 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
+ virtual/libcrypt:=
pcre? ( dev-libs/libpcre:= )
pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
diff --git a/www-servers/nginx/nginx-1.21.0-r1.ebuild b/www-servers/nginx/nginx-1.21.0-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.0-r1.ebuild
rename to www-servers/nginx/nginx-1.21.0-r2.ebuild
index a452afe9fca..599d1bf039c 100644
--- a/www-servers/nginx/nginx-1.21.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.21.0-r2.ebuild
@@ -279,6 +279,7 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
+ virtual/libcrypt:=
pcre? ( dev-libs/libpcre:= )
pcre-jit? ( dev-libs/libpcre:=[jit] )
ssl? (
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-07-06 23:44 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-07-06 23:44 UTC (permalink / raw
To: gentoo-commits
commit: f33c7a485363dec7288ed625053a0b74ac858ee9
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 6 23:42:37 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 6 23:42:37 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f33c7a48
www-servers/nginx: bump to v1.21.1 mainline
- nginScript module bumped to v0.6.1
Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.21.1.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1089 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1b0e6a1011f..b334855a83d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
+DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -24,3 +25,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.6.0.tar.gz 528419 BLAKE2B 7b3c9dd4be8182298cc283e8b19eb4efeef66416d26332ae73dde66b5b67ad980c3e07f12fe0006dfb9710f3df449ac2598bfd1803f6c86d721f48697d975087 SHA512 fa569623fd594e859c535c75041be443ef6329a4ee33d9e0f29eeb56e69ae2f3c44264ccba736b4a97ab0b33700f381acb65a884889d6f644f3fbce7c1bc586e
+DIST njs-0.6.1.tar.gz 529124 BLAKE2B a24b6542dcef6599d18b86d38dbaeb554beeddb5c100f5bfb97c87c81bd66842afc6f77f23ef2c542ba32da96d5c2f999d3c869fa8d76d919a4f964020d19e30 SHA512 996cdc11d65af5e3d5b3a8f28087868c40409a062e6e1ed3eac8e516cb60b13f88a945c86bea5dde1bc089fe5f96f3ba351d87dbfd513f7140ea4ce98119959f
diff --git a/www-servers/nginx/nginx-1.21.1.ebuild b/www-servers/nginx/nginx-1.21.1.ebuild
new file mode 100644
index 00000000000..8eee002db06
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.1.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.6.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-07-25 20:09 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2021-07-25 20:09 UTC (permalink / raw
To: gentoo-commits
commit: 213809fb518b9d5972f385079cf321ca8102f2d6
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 25 20:08:07 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 25 20:08:07 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=213809fb
www-servers/nginx: Stabilize 1.20.1-r2 arm, #804049
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.20.1-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.20.1-r2.ebuild b/www-servers/nginx/nginx-1.20.1-r2.ebuild
index 9153b8279b5..dab635dce9c 100644
--- a/www-servers/nginx/nginx-1.20.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.20.1-r2.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-08-03 11:03 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2021-08-03 11:03 UTC (permalink / raw
To: gentoo-commits
commit: db57c535e86d8942d31406b2448f302c63e7e55d
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 3 11:00:11 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug 3 11:00:11 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db57c535
www-servers/nginx: Stabilize 1.20.1-r2 arm64, #804049
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.20.1-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.20.1-r2.ebuild b/www-servers/nginx/nginx-1.20.1-r2.ebuild
index dab635dce9c..544d72b4fb0 100644
--- a/www-servers/nginx/nginx-1.20.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.20.1-r2.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-09-01 14:17 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-09-01 14:17 UTC (permalink / raw
To: gentoo-commits
commit: 8e5f4cbabdfda0f6a47b2c23b61f5b499bfee4ab
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 1 14:16:14 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep 1 14:16:14 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e5f4cba
www-servers/nginx: bump to v1.21.2 mainline
- nginScript module bumped to v0.6.2
Package-Manager: Portage-3.0.22, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.21.2.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1089 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b334855a83d..9b8bdb324ba 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
+DIST nginx-1.21.2.tar.gz 1066678 BLAKE2B 7af3a6f4cfc84c98058cb5ef3e0991b4f3cc2d8d9ca3b84111c30eac158253ac7f444e5b6ac9fd3a296f03a6c906e8a411b02c54e8df199f67a9ee0acce683d4 SHA512 5fa9c8f3a1bd9366b30de2bdbbd5baef47381e6d8672341ed601116baeb077ea1b596716ca06ec03d8a2773a437b78acd408084e49ba239f74de915f1b7fb8a5
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -26,3 +27,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.6.0.tar.gz 528419 BLAKE2B 7b3c9dd4be8182298cc283e8b19eb4efeef66416d26332ae73dde66b5b67ad980c3e07f12fe0006dfb9710f3df449ac2598bfd1803f6c86d721f48697d975087 SHA512 fa569623fd594e859c535c75041be443ef6329a4ee33d9e0f29eeb56e69ae2f3c44264ccba736b4a97ab0b33700f381acb65a884889d6f644f3fbce7c1bc586e
DIST njs-0.6.1.tar.gz 529124 BLAKE2B a24b6542dcef6599d18b86d38dbaeb554beeddb5c100f5bfb97c87c81bd66842afc6f77f23ef2c542ba32da96d5c2f999d3c869fa8d76d919a4f964020d19e30 SHA512 996cdc11d65af5e3d5b3a8f28087868c40409a062e6e1ed3eac8e516cb60b13f88a945c86bea5dde1bc089fe5f96f3ba351d87dbfd513f7140ea4ce98119959f
+DIST njs-0.6.2.tar.gz 538303 BLAKE2B 6c505a6ec20222095d4d10efdf274d2ea2fa61f236ceae71311f2c47dacc4b21f6af2a7b6f8bde21db6453455aff2994341c420fa14722120a98ac9d8bd6e934 SHA512 0c359501665ca303fcfb29353d4ad6ed398679b10906a6bbe6f6f6f69418f08adce9849a50206fdbd4e8fa89a5b73ea4fa43f1f02a28b7bd02e3f990d11263d0
diff --git a/www-servers/nginx/nginx-1.21.2.ebuild b/www-servers/nginx/nginx-1.21.2.ebuild
new file mode 100644
index 00000000000..bdebfbba028
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.2.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.6.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-09-22 12:16 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-09-22 12:16 UTC (permalink / raw
To: gentoo-commits
commit: 813f668e15273cb55f50e59bf93689f1df3dd889
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 22 11:14:16 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep 22 12:16:29 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=813f668e
www-servers/nginx: bump to v1.21.3
Package-Manager: Portage-3.0.23, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.21.3.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9b8bdb324ba..3ba4d199313 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc698059
DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
DIST nginx-1.21.2.tar.gz 1066678 BLAKE2B 7af3a6f4cfc84c98058cb5ef3e0991b4f3cc2d8d9ca3b84111c30eac158253ac7f444e5b6ac9fd3a296f03a6c906e8a411b02c54e8df199f67a9ee0acce683d4 SHA512 5fa9c8f3a1bd9366b30de2bdbbd5baef47381e6d8672341ed601116baeb077ea1b596716ca06ec03d8a2773a437b78acd408084e49ba239f74de915f1b7fb8a5
+DIST nginx-1.21.3.tar.gz 1066609 BLAKE2B 424e9525f8f27dad6a49e7ec7c76160331ce98015d1023c71e9c60146aef7d330c780dc69bf2db01da0bedce3acecb156b3e108c24d2683ffee2954396ff440e SHA512 173d6d5c1471df1f5fbcf43fab19699ac509faee44a6c603f5e96ba59ac58774bbd84be5b45f5922a12b4037e4b32f875ce71c28e3e6adb70f306a2d25b40736
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.21.3.ebuild b/www-servers/nginx/nginx-1.21.3.ebuild
new file mode 100644
index 00000000000..bdebfbba028
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.3.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.6.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-11-03 1:45 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-11-03 1:45 UTC (permalink / raw
To: gentoo-commits
commit: e028ca1fc4965a86bc3d95331891b58d5af4e0c1
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 3 01:36:51 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 3 01:44:57 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e028ca1f
www-servers/nginx: bump to v1.21.4
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.21.4.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 3ba4d199313..47336418ff0 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a
DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
DIST nginx-1.21.2.tar.gz 1066678 BLAKE2B 7af3a6f4cfc84c98058cb5ef3e0991b4f3cc2d8d9ca3b84111c30eac158253ac7f444e5b6ac9fd3a296f03a6c906e8a411b02c54e8df199f67a9ee0acce683d4 SHA512 5fa9c8f3a1bd9366b30de2bdbbd5baef47381e6d8672341ed601116baeb077ea1b596716ca06ec03d8a2773a437b78acd408084e49ba239f74de915f1b7fb8a5
DIST nginx-1.21.3.tar.gz 1066609 BLAKE2B 424e9525f8f27dad6a49e7ec7c76160331ce98015d1023c71e9c60146aef7d330c780dc69bf2db01da0bedce3acecb156b3e108c24d2683ffee2954396ff440e SHA512 173d6d5c1471df1f5fbcf43fab19699ac509faee44a6c603f5e96ba59ac58774bbd84be5b45f5922a12b4037e4b32f875ce71c28e3e6adb70f306a2d25b40736
+DIST nginx-1.21.4.tar.gz 1070260 BLAKE2B 61297386c59b4c29ec120f963e76fb7570a262304a0401381b0b2fbd2fa0ce9b3392c552d6c70eeda88b45553cca39bb5ccb42cce7f23a45c57745c366907b68 SHA512 8f0be700bbec70abdb9902c27044334038087d03bdf07b9bdf1520f416edd12ca504bdd0244b34c542b222c28d5bd2d0add54dcb04b235e763d088fa3e2cee6e
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.21.4.ebuild b/www-servers/nginx/nginx-1.21.4.ebuild
new file mode 100644
index 00000000000..bdebfbba028
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.4.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.6.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2021-11-16 18:27 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2021-11-16 18:27 UTC (permalink / raw
To: gentoo-commits
commit: 4aa844b8d7a9d39a77aa32ebce9b3ec887a1c35c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 16 18:27:11 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 16 18:27:11 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4aa844b8
www-servers/nginx: bump to v1.20.2
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.20.2.ebuild | 1087 +++++++++++++++++++++++++++++++++
2 files changed, 1088 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 47336418ff06..2ace5d328246 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
+DIST nginx-1.20.2.tar.gz 1062124 BLAKE2B dc2fb9e7316ccac433c1f06c59d2738358c16194fe0ece80f54d145e2c4e3c3a8d6ebc4badb97580a000d721197a865bcc8c94a4d671af94be4bc3181974c586 SHA512 8b65e881ea4ac6162cbf32e5e95cf47a6d5418819f8763ca4a781cffa38187dd7886d4bc195d000a7046111a27121ff25800f8645405174995247e6738b4279a
DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
DIST nginx-1.21.2.tar.gz 1066678 BLAKE2B 7af3a6f4cfc84c98058cb5ef3e0991b4f3cc2d8d9ca3b84111c30eac158253ac7f444e5b6ac9fd3a296f03a6c906e8a411b02c54e8df199f67a9ee0acce683d4 SHA512 5fa9c8f3a1bd9366b30de2bdbbd5baef47381e6d8672341ed601116baeb077ea1b596716ca06ec03d8a2773a437b78acd408084e49ba239f74de915f1b7fb8a5
diff --git a/www-servers/nginx/nginx-1.20.2.ebuild b/www-servers/nginx/nginx-1.20.2.ebuild
new file mode 100644
index 000000000000..3f56502d4648
--- /dev/null
+++ b/www-servers/nginx/nginx-1.20.2.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.6.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? (
+ userland_GNU? (
+ dev-libs/openssl:0=
+ )
+ )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-01-06 9:07 David Seifert
0 siblings, 0 replies; 277+ messages in thread
From: David Seifert @ 2022-01-06 9:07 UTC (permalink / raw
To: gentoo-commits
commit: 4803751e71e74e5f948b19cdcd58e2f9f65574b0
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 6 09:07:16 2022 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Thu Jan 6 09:07:16 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4803751e
www-servers/nginx: remove userland_GNU
Signed-off-by: David Seifert <soap <AT> gentoo.org>
www-servers/nginx/nginx-1.20.1-r2.ebuild | 14 ++++----------
www-servers/nginx/nginx-1.20.2.ebuild | 14 ++++----------
www-servers/nginx/nginx-1.21.0-r2.ebuild | 14 ++++----------
www-servers/nginx/nginx-1.21.1.ebuild | 14 ++++----------
www-servers/nginx/nginx-1.21.2.ebuild | 14 ++++----------
www-servers/nginx/nginx-1.21.3.ebuild | 14 ++++----------
www-servers/nginx/nginx-1.21.4.ebuild | 14 ++++----------
7 files changed, 28 insertions(+), 70 deletions(-)
diff --git a/www-servers/nginx/nginx-1.20.1-r2.ebuild b/www-servers/nginx/nginx-1.20.1-r2.ebuild
index 544d72b4fb06..e9e47694a337 100644
--- a/www-servers/nginx/nginx-1.20.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.20.1-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
diff --git a/www-servers/nginx/nginx-1.20.2.ebuild b/www-servers/nginx/nginx-1.20.2.ebuild
index 3f56502d4648..df8739941162 100644
--- a/www-servers/nginx/nginx-1.20.2.ebuild
+++ b/www-servers/nginx/nginx-1.20.2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
diff --git a/www-servers/nginx/nginx-1.21.0-r2.ebuild b/www-servers/nginx/nginx-1.21.0-r2.ebuild
index 599d1bf039c2..4bb1e40afbbd 100644
--- a/www-servers/nginx/nginx-1.21.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.21.0-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
diff --git a/www-servers/nginx/nginx-1.21.1.ebuild b/www-servers/nginx/nginx-1.21.1.ebuild
index 5c6078c50aec..f7d071a8e8f0 100644
--- a/www-servers/nginx/nginx-1.21.1.ebuild
+++ b/www-servers/nginx/nginx-1.21.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
diff --git a/www-servers/nginx/nginx-1.21.2.ebuild b/www-servers/nginx/nginx-1.21.2.ebuild
index bdebfbba028c..28cef0b0ea20 100644
--- a/www-servers/nginx/nginx-1.21.2.ebuild
+++ b/www-servers/nginx/nginx-1.21.2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
diff --git a/www-servers/nginx/nginx-1.21.3.ebuild b/www-servers/nginx/nginx-1.21.3.ebuild
index bdebfbba028c..28cef0b0ea20 100644
--- a/www-servers/nginx/nginx-1.21.3.ebuild
+++ b/www-servers/nginx/nginx-1.21.3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
diff --git a/www-servers/nginx/nginx-1.21.4.ebuild b/www-servers/nginx/nginx-1.21.4.ebuild
index bdebfbba028c..28cef0b0ea20 100644
--- a/www-servers/nginx/nginx-1.21.4.ebuild
+++ b/www-servers/nginx/nginx-1.21.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -248,7 +248,7 @@ NGINX_MODULES_3RD="
"
IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+ pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -289,9 +289,7 @@ CDEPEND="
>=dev-libs/openssl-1.0.1c:0=
)
http-cache? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
+ dev-libs/openssl:0=
)
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
@@ -302,11 +300,7 @@ CDEPEND="
nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? (
- userland_GNU? (
- dev-libs/openssl:0=
- )
- )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
nginx_modules_http_lua? ( ${LUA_DEPS} )
nginx_modules_http_auth_pam? ( sys-libs/pam )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-01-26 2:31 Thomas Deutschmann
0 siblings, 0 replies; 277+ messages in thread
From: Thomas Deutschmann @ 2022-01-26 2:31 UTC (permalink / raw
To: gentoo-commits
commit: 3b19c6818d83bd778443ae8be4e9b99889d97270
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 26 00:52:18 2022 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 26 02:31:24 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b19c681
www-servers/nginx: bump to v1.21.6
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.21.6.ebuild | 1081 +++++++++++++++++++++++++++++++++
2 files changed, 1083 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2ace5d328246..79b037d5101a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,6 +6,7 @@ DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db7
DIST nginx-1.21.2.tar.gz 1066678 BLAKE2B 7af3a6f4cfc84c98058cb5ef3e0991b4f3cc2d8d9ca3b84111c30eac158253ac7f444e5b6ac9fd3a296f03a6c906e8a411b02c54e8df199f67a9ee0acce683d4 SHA512 5fa9c8f3a1bd9366b30de2bdbbd5baef47381e6d8672341ed601116baeb077ea1b596716ca06ec03d8a2773a437b78acd408084e49ba239f74de915f1b7fb8a5
DIST nginx-1.21.3.tar.gz 1066609 BLAKE2B 424e9525f8f27dad6a49e7ec7c76160331ce98015d1023c71e9c60146aef7d330c780dc69bf2db01da0bedce3acecb156b3e108c24d2683ffee2954396ff440e SHA512 173d6d5c1471df1f5fbcf43fab19699ac509faee44a6c603f5e96ba59ac58774bbd84be5b45f5922a12b4037e4b32f875ce71c28e3e6adb70f306a2d25b40736
DIST nginx-1.21.4.tar.gz 1070260 BLAKE2B 61297386c59b4c29ec120f963e76fb7570a262304a0401381b0b2fbd2fa0ce9b3392c552d6c70eeda88b45553cca39bb5ccb42cce7f23a45c57745c366907b68 SHA512 8f0be700bbec70abdb9902c27044334038087d03bdf07b9bdf1520f416edd12ca504bdd0244b34c542b222c28d5bd2d0add54dcb04b235e763d088fa3e2cee6e
+DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -31,3 +32,4 @@ DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b
DIST njs-0.6.0.tar.gz 528419 BLAKE2B 7b3c9dd4be8182298cc283e8b19eb4efeef66416d26332ae73dde66b5b67ad980c3e07f12fe0006dfb9710f3df449ac2598bfd1803f6c86d721f48697d975087 SHA512 fa569623fd594e859c535c75041be443ef6329a4ee33d9e0f29eeb56e69ae2f3c44264ccba736b4a97ab0b33700f381acb65a884889d6f644f3fbce7c1bc586e
DIST njs-0.6.1.tar.gz 529124 BLAKE2B a24b6542dcef6599d18b86d38dbaeb554beeddb5c100f5bfb97c87c81bd66842afc6f77f23ef2c542ba32da96d5c2f999d3c869fa8d76d919a4f964020d19e30 SHA512 996cdc11d65af5e3d5b3a8f28087868c40409a062e6e1ed3eac8e516cb60b13f88a945c86bea5dde1bc089fe5f96f3ba351d87dbfd513f7140ea4ce98119959f
DIST njs-0.6.2.tar.gz 538303 BLAKE2B 6c505a6ec20222095d4d10efdf274d2ea2fa61f236ceae71311f2c47dacc4b21f6af2a7b6f8bde21db6453455aff2994341c420fa14722120a98ac9d8bd6e934 SHA512 0c359501665ca303fcfb29353d4ad6ed398679b10906a6bbe6f6f6f69418f08adce9849a50206fdbd4e8fa89a5b73ea4fa43f1f02a28b7bd02e3f990d11263d0
+DIST njs-0.7.2.tar.gz 584483 BLAKE2B 98f28e599f73aaacf2c155dd2a630b8dec9767725e47e6d93de05fb15b854277cd2fcc38ec915d8b04a769d40513725fe2061054521fed73967a6d61f04ce8e1 SHA512 7ff9c8f4e8cf1a3aeb0f2ed9f37e2b3f4966812966d1aca17dae8b454dd7fa725ccdc631b7dc1f3434f588e589f4cd419b9e087f3c745cd6ca092a683c92d82f
diff --git a/www-servers/nginx/nginx-1.21.6.ebuild b/www-servers/nginx/nginx-1.21.6.ebuild
new file mode 100644
index 000000000000..7a75955acae5
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.6.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+ eend $?
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-03-23 0:45 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2022-03-23 0:45 UTC (permalink / raw
To: gentoo-commits
commit: d2d1236a4e2cd356a7001c8507db4743dc6e3c53
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 23 00:41:36 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 23 00:45:03 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d1236a
www-servers/nginx: add subslot dep on OpenLDAP
New OpenLDAP breaks ABI (changes SONAME)
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/{nginx-1.20.1-r2.ebuild => nginx-1.20.1-r3.ebuild} | 2 +-
www-servers/nginx/{nginx-1.20.2.ebuild => nginx-1.20.2-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.0-r2.ebuild => nginx-1.21.0-r3.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.1.ebuild => nginx-1.21.1-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.2.ebuild => nginx-1.21.2-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.3.ebuild => nginx-1.21.3-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.4.ebuild => nginx-1.21.4-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.21.6.ebuild => nginx-1.21.6-r1.ebuild} | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/www-servers/nginx/nginx-1.20.1-r2.ebuild b/www-servers/nginx/nginx-1.20.1-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.20.1-r2.ebuild
rename to www-servers/nginx/nginx-1.20.1-r3.ebuild
index e9e47694a337..9152592128f8 100644
--- a/www-servers/nginx/nginx-1.20.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.20.1-r3.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.20.2.ebuild b/www-servers/nginx/nginx-1.20.2-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.20.2.ebuild
rename to www-servers/nginx/nginx-1.20.2-r1.ebuild
index df8739941162..8330adb84690 100644
--- a/www-servers/nginx/nginx-1.20.2.ebuild
+++ b/www-servers/nginx/nginx-1.20.2-r1.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.21.0-r2.ebuild b/www-servers/nginx/nginx-1.21.0-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.0-r2.ebuild
rename to www-servers/nginx/nginx-1.21.0-r3.ebuild
index 4bb1e40afbbd..81d8ec42dad6 100644
--- a/www-servers/nginx/nginx-1.21.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.21.0-r3.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.21.1.ebuild b/www-servers/nginx/nginx-1.21.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.1.ebuild
rename to www-servers/nginx/nginx-1.21.1-r1.ebuild
index f7d071a8e8f0..731c9cd0e306 100644
--- a/www-servers/nginx/nginx-1.21.1.ebuild
+++ b/www-servers/nginx/nginx-1.21.1-r1.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.21.2.ebuild b/www-servers/nginx/nginx-1.21.2-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.2.ebuild
rename to www-servers/nginx/nginx-1.21.2-r1.ebuild
index 28cef0b0ea20..9a5530c82907 100644
--- a/www-servers/nginx/nginx-1.21.2.ebuild
+++ b/www-servers/nginx/nginx-1.21.2-r1.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.21.3.ebuild b/www-servers/nginx/nginx-1.21.3-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.3.ebuild
rename to www-servers/nginx/nginx-1.21.3-r1.ebuild
index 28cef0b0ea20..9a5530c82907 100644
--- a/www-servers/nginx/nginx-1.21.3.ebuild
+++ b/www-servers/nginx/nginx-1.21.3-r1.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.21.4.ebuild b/www-servers/nginx/nginx-1.21.4-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.4.ebuild
rename to www-servers/nginx/nginx-1.21.4-r1.ebuild
index 28cef0b0ea20..9a5530c82907 100644
--- a/www-servers/nginx/nginx-1.21.4.ebuild
+++ b/www-servers/nginx/nginx-1.21.4-r1.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
diff --git a/www-servers/nginx/nginx-1.21.6.ebuild b/www-servers/nginx/nginx-1.21.6-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.6.ebuild
rename to www-servers/nginx/nginx-1.21.6-r1.ebuild
index 7a75955acae5..895562562bfa 100644
--- a/www-servers/nginx/nginx-1.21.6.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r1.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
net-misc/curl
www-servers/apache
)
- nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_stream_geoip? ( dev-libs/geoip )
nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
RDEPEND="${CDEPEND}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-06-08 8:42 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-06-08 8:42 UTC (permalink / raw
To: gentoo-commits
commit: 7e62b6eaa60b772e3b3ec3dbd60fd5c8345157a9
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 8 08:41:36 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jun 8 08:41:36 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e62b6ea
www-servers/nginx: amd64 stable wrt bug #850490
Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r1.ebuild b/www-servers/nginx/nginx-1.21.6-r1.ebuild
index 895562562bfa..725139c8d360 100644
--- a/www-servers/nginx/nginx-1.21.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r1.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-06-08 8:43 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-06-08 8:43 UTC (permalink / raw
To: gentoo-commits
commit: e373f098885ee2837a33b429e28bbb067f2a1c40
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 8 08:42:58 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jun 8 08:42:58 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e373f098
www-servers/nginx: arm stable wrt bug #850490
Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r1.ebuild b/www-servers/nginx/nginx-1.21.6-r1.ebuild
index 725139c8d360..aa5c8d3a8b89 100644
--- a/www-servers/nginx/nginx-1.21.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r1.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-06-08 8:43 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-06-08 8:43 UTC (permalink / raw
To: gentoo-commits
commit: b5567798dd147755ddcc4d4f04242e71cc87beb5
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 8 08:43:41 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jun 8 08:43:41 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5567798
www-servers/nginx: arm64 stable wrt bug #850490
Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="arm64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r1.ebuild b/www-servers/nginx/nginx-1.21.6-r1.ebuild
index aa5c8d3a8b89..5eeee49a42b1 100644
--- a/www-servers/nginx/nginx-1.21.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r1.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-06-08 8:46 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-06-08 8:46 UTC (permalink / raw
To: gentoo-commits
commit: 9e7bf7f57a25d40561c7ec0730d2e3a305b2264c
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 8 08:46:26 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jun 8 08:46:26 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e7bf7f5
www-servers/nginx: x86 stable wrt bug #850490
Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r1.ebuild b/www-servers/nginx/nginx-1.21.6-r1.ebuild
index 5eeee49a42b1..cbd512501efa 100644
--- a/www-servers/nginx/nginx-1.21.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r1.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-09 21:30 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-09 21:30 UTC (permalink / raw
To: gentoo-commits
commit: bf02dbae72b37faec40e8c42f62f952cd47133ab
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 9 20:40:01 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Jul 9 21:29:17 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf02dbae
www-servers/nginx: migrate to GLEP-81
Closes: https://bugs.gentoo.org/701254
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../nginx/{nginx-1.21.6-r1.ebuild => nginx-1.21.6-r2.ebuild} | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r1.ebuild b/www-servers/nginx/nginx-1.21.6-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.6-r1.ebuild
rename to www-servers/nginx/nginx-1.21.6-r2.ebuild
index cbd512501efa..d85839846c7f 100644
--- a/www-servers/nginx/nginx-1.21.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r2.ebuild
@@ -166,7 +166,7 @@ NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
SSL_DEPS_SKIP=1
AUTOTOOLS_AUTO_DEPEND="no"
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
DESCRIPTION="Robust, small and high performance http and reverse proxy server"
HOMEPAGE="https://nginx.org"
@@ -279,6 +279,8 @@ done
IUSE="${IUSE} nginx_modules_http_spdy"
CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
virtual/libcrypt:=
pcre? ( dev-libs/libpcre:= )
pcre-jit? ( dev-libs/libpcre:=[jit] )
@@ -343,11 +345,6 @@ pkg_setup() {
NGINX_HOME="/var/lib/nginx"
NGINX_HOME_TMP="${NGINX_HOME}/tmp"
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
if use libatomic; then
ewarn "GCC 4.1+ features built-in atomic operations."
ewarn "Using libatomic_ops is only needed if using"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-09 21:30 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-09 21:30 UTC (permalink / raw
To: gentoo-commits
commit: ddf9f0c8697b162f0e065b31d5f6f7da13ae6b23
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 9 20:35:36 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Jul 9 21:29:17 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddf9f0c8
www-servers/nginx: drop versions
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 10 -
www-servers/nginx/nginx-1.20.1-r3.ebuild | 1081 ------------------------------
www-servers/nginx/nginx-1.20.2-r1.ebuild | 1081 ------------------------------
www-servers/nginx/nginx-1.21.0-r3.ebuild | 1081 ------------------------------
www-servers/nginx/nginx-1.21.1-r1.ebuild | 1081 ------------------------------
www-servers/nginx/nginx-1.21.2-r1.ebuild | 1081 ------------------------------
www-servers/nginx/nginx-1.21.3-r1.ebuild | 1081 ------------------------------
www-servers/nginx/nginx-1.21.4-r1.ebuild | 1081 ------------------------------
8 files changed, 7577 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 79b037d5101a..af5566fb23fa 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,11 +1,4 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
-DIST nginx-1.20.2.tar.gz 1062124 BLAKE2B dc2fb9e7316ccac433c1f06c59d2738358c16194fe0ece80f54d145e2c4e3c3a8d6ebc4badb97580a000d721197a865bcc8c94a4d671af94be4bc3181974c586 SHA512 8b65e881ea4ac6162cbf32e5e95cf47a6d5418819f8763ca4a781cffa38187dd7886d4bc195d000a7046111a27121ff25800f8645405174995247e6738b4279a
-DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
-DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
-DIST nginx-1.21.2.tar.gz 1066678 BLAKE2B 7af3a6f4cfc84c98058cb5ef3e0991b4f3cc2d8d9ca3b84111c30eac158253ac7f444e5b6ac9fd3a296f03a6c906e8a411b02c54e8df199f67a9ee0acce683d4 SHA512 5fa9c8f3a1bd9366b30de2bdbbd5baef47381e6d8672341ed601116baeb077ea1b596716ca06ec03d8a2773a437b78acd408084e49ba239f74de915f1b7fb8a5
-DIST nginx-1.21.3.tar.gz 1066609 BLAKE2B 424e9525f8f27dad6a49e7ec7c76160331ce98015d1023c71e9c60146aef7d330c780dc69bf2db01da0bedce3acecb156b3e108c24d2683ffee2954396ff440e SHA512 173d6d5c1471df1f5fbcf43fab19699ac509faee44a6c603f5e96ba59ac58774bbd84be5b45f5922a12b4037e4b32f875ce71c28e3e6adb70f306a2d25b40736
-DIST nginx-1.21.4.tar.gz 1070260 BLAKE2B 61297386c59b4c29ec120f963e76fb7570a262304a0401381b0b2fbd2fa0ce9b3392c552d6c70eeda88b45553cca39bb5ccb42cce7f23a45c57745c366907b68 SHA512 8f0be700bbec70abdb9902c27044334038087d03bdf07b9bdf1520f416edd12ca504bdd0244b34c542b222c28d5bd2d0add54dcb04b235e763d088fa3e2cee6e
DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -29,7 +22,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.6.0.tar.gz 528419 BLAKE2B 7b3c9dd4be8182298cc283e8b19eb4efeef66416d26332ae73dde66b5b67ad980c3e07f12fe0006dfb9710f3df449ac2598bfd1803f6c86d721f48697d975087 SHA512 fa569623fd594e859c535c75041be443ef6329a4ee33d9e0f29eeb56e69ae2f3c44264ccba736b4a97ab0b33700f381acb65a884889d6f644f3fbce7c1bc586e
-DIST njs-0.6.1.tar.gz 529124 BLAKE2B a24b6542dcef6599d18b86d38dbaeb554beeddb5c100f5bfb97c87c81bd66842afc6f77f23ef2c542ba32da96d5c2f999d3c869fa8d76d919a4f964020d19e30 SHA512 996cdc11d65af5e3d5b3a8f28087868c40409a062e6e1ed3eac8e516cb60b13f88a945c86bea5dde1bc089fe5f96f3ba351d87dbfd513f7140ea4ce98119959f
-DIST njs-0.6.2.tar.gz 538303 BLAKE2B 6c505a6ec20222095d4d10efdf274d2ea2fa61f236ceae71311f2c47dacc4b21f6af2a7b6f8bde21db6453455aff2994341c420fa14722120a98ac9d8bd6e934 SHA512 0c359501665ca303fcfb29353d4ad6ed398679b10906a6bbe6f6f6f69418f08adce9849a50206fdbd4e8fa89a5b73ea4fa43f1f02a28b7bd02e3f990d11263d0
DIST njs-0.7.2.tar.gz 584483 BLAKE2B 98f28e599f73aaacf2c155dd2a630b8dec9767725e47e6d93de05fb15b854277cd2fcc38ec915d8b04a769d40513725fe2061054521fed73967a6d61f04ce8e1 SHA512 7ff9c8f4e8cf1a3aeb0f2ed9f37e2b3f4966812966d1aca17dae8b454dd7fa725ccdc631b7dc1f3434f588e589f4cd419b9e087f3c745cd6ca092a683c92d82f
diff --git a/www-servers/nginx/nginx-1.20.1-r3.ebuild b/www-servers/nginx/nginx-1.20.1-r3.ebuild
deleted file mode 100644
index 9152592128f8..000000000000
--- a/www-servers/nginx/nginx-1.20.1-r3.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.20.2-r1.ebuild b/www-servers/nginx/nginx-1.20.2-r1.ebuild
deleted file mode 100644
index 8330adb84690..000000000000
--- a/www-servers/nginx/nginx-1.20.2-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.21.0-r3.ebuild b/www-servers/nginx/nginx-1.21.0-r3.ebuild
deleted file mode 100644
index 81d8ec42dad6..000000000000
--- a/www-servers/nginx/nginx-1.21.0-r3.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.21.1-r1.ebuild b/www-servers/nginx/nginx-1.21.1-r1.ebuild
deleted file mode 100644
index 731c9cd0e306..000000000000
--- a/www-servers/nginx/nginx-1.21.1-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.21.2-r1.ebuild b/www-servers/nginx/nginx-1.21.2-r1.ebuild
deleted file mode 100644
index 9a5530c82907..000000000000
--- a/www-servers/nginx/nginx-1.21.2-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.21.3-r1.ebuild b/www-servers/nginx/nginx-1.21.3-r1.ebuild
deleted file mode 100644
index 9a5530c82907..000000000000
--- a/www-servers/nginx/nginx-1.21.3-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.21.4-r1.ebuild b/www-servers/nginx/nginx-1.21.4-r1.ebuild
deleted file mode 100644
index 9a5530c82907..000000000000
--- a/www-servers/nginx/nginx-1.21.4-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.6.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- ebegin "Creating nginx user and group"
- enewgroup ${PN}
- enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
- eend $?
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-14 19:01 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-14 19:01 UTC (permalink / raw
To: gentoo-commits
commit: 801dee7a6b58e92868a393bbf5a7c2720cdedf12
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Jul 14 09:07:21 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 19:01:20 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=801dee7a
www-servers/nginx: update vulnerable njs
Bug: https://bugs.gentoo.org/838247
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/26398
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r3.ebuild | 1078 ++++++++++++++++++++++++++++++
1 file changed, 1078 insertions(+)
diff --git a/www-servers/nginx/nginx-1.21.6-r3.ebuild b/www-servers/nginx/nginx-1.21.6-r3.ebuild
new file mode 100644
index 000000000000..3a51c6cf2628
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.6-r3.ebuild
@@ -0,0 +1,1078 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.5"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+ pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? (
+ dev-libs/apr:=
+ dev-libs/apr-util:=
+ dev-libs/libxml2:=
+ net-misc/curl
+ www-servers/apache
+ )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+ nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ eautoreconf
+
+ if use nginx_modules_http_lua; then
+ sed -i \
+ -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+ configure || die
+ fi
+
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ # mod_security needs to generate nginx/modsecurity/config before including it
+ if use nginx_modules_http_security; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+ ./configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --with-ssdeep=no \
+ $(use_enable pcre-jit) \
+ $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+ cd "${S}" || die
+ fi
+
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-15 6:00 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2022-07-15 6:00 UTC (permalink / raw
To: gentoo-commits
commit: 7d7be24a4598fc8746431e482eb80db91e192926
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 06:00:17 2022 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 06:00:17 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d7be24a
www-servers/nginx: Stabilize 1.21.6-r3 arm64, #858083
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r3.ebuild b/www-servers/nginx/nginx-1.21.6-r3.ebuild
index 3a51c6cf2628..197d3d084e01 100644
--- a/www-servers/nginx/nginx-1.21.6-r3.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r3.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-15 7:21 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-07-15 7:21 UTC (permalink / raw
To: gentoo-commits
commit: 99b508a425ae36a6fcd0a6c72fb51e90cc8ef905
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 07:21:28 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 07:21:37 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b508a4
www-servers/nginx: amd64 stable wrt bug #858083
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r3.ebuild b/www-servers/nginx/nginx-1.21.6-r3.ebuild
index 197d3d084e01..f9150bbfc98d 100644
--- a/www-servers/nginx/nginx-1.21.6-r3.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r3.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-15 7:22 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-07-15 7:22 UTC (permalink / raw
To: gentoo-commits
commit: 0f1d5fbddd18e0ac2edcebdcf329f41c778e981e
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 07:22:20 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 07:22:20 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f1d5fbd
www-servers/nginx: arm stable wrt bug #858083
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r3.ebuild b/www-servers/nginx/nginx-1.21.6-r3.ebuild
index f9150bbfc98d..ce32127dc38e 100644
--- a/www-servers/nginx/nginx-1.21.6-r3.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r3.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-15 7:25 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-07-15 7:25 UTC (permalink / raw
To: gentoo-commits
commit: d62992e91d9f56b5c9304bc5ac24cc97e43be06a
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 07:25:42 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 07:25:42 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d62992e9
www-servers/nginx: x86 stable wrt bug #858083
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.21.6-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.21.6-r3.ebuild b/www-servers/nginx/nginx-1.21.6-r3.ebuild
index ce32127dc38e..efd809f6074b 100644
--- a/www-servers/nginx/nginx-1.21.6-r3.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r3.ebuild
@@ -203,7 +203,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-19 17:21 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-19 17:21 UTC (permalink / raw
To: gentoo-commits
commit: 20163dcdde0d30f1d83f3d2cd08875be1a17a06a
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Jul 14 17:41:01 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 17:20:43 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20163dcd
www-servers/nginx: add modsecurity v3 support
Closes: https://bugs.gentoo.org/726614
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.23.0-r1.ebuild | 1049 ++++++++++++++++++++++++++++++
2 files changed, 1050 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c19149f8e8c0..514a2c79d521 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,4 +1,5 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
+DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
DIST nginx-1.23.0.tar.gz 1102940 BLAKE2B 375e63449dda4bb8df3535cc3f31bede03bf6cdc374c46fe5f5e1107fbf9e829d15f329123bd19d96f8236ca665cde3000366967372193fc023a3212bac562a9 SHA512 c76619e42e7715898cce7e13f5672b36e9d9401f815d912a453aae8364b6f8a4365e3cc6858a333bf68ebea1191f0ad38136f2d1832facc9acbf6c8a883999cd
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
diff --git a/www-servers/nginx/nginx-1.23.0-r1.ebuild b/www-servers/nginx/nginx-1.23.0-r1.ebuild
new file mode 100644
index 000000000000..52837a6b69db
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.0-r1.ebuild
@@ -0,0 +1,1049 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.5"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic pcre +pcre2
+ pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-19 17:21 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-19 17:21 UTC (permalink / raw
To: gentoo-commits
commit: ae815f64f1f8fee99ce7b626b58c0114cb331ce1
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Jul 14 17:43:59 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 17:20:45 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae815f64
www-servers/nginx: drop old
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/26401
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/nginx-1.23.0.ebuild | 1028 ---------------------------------
1 file changed, 1028 deletions(-)
diff --git a/www-servers/nginx/nginx-1.23.0.ebuild b/www-servers/nginx/nginx-1.23.0.ebuild
deleted file mode 100644
index 97bbe75ac5fc..000000000000
--- a/www-servers/nginx/nginx-1.23.0.ebuild
+++ /dev/null
@@ -1,1028 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic pcre +pcre2
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-19 17:21 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-19 17:21 UTC (permalink / raw
To: gentoo-commits
commit: 1a26f37d1add64400e8004a678c0476e08fb2d0f
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Jul 14 17:43:32 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 17:20:44 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a26f37d
www-servers/nginx: update geoip2 module to 3.4
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.23.0-r1.ebuild | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 514a2c79d521..02e3fd46fb3b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -12,6 +12,7 @@ DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa5
DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
+DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_headers_more-d502e41996d24a382bd9c632e3ae3efa0a5fca66.tar.gz 28810 BLAKE2B cb71e6b8a9da6c72bc542e837391e932c5803d52cbf01eab0b70f501b620d7de03009a25d10e9ba9de46a6c9ffca109b50dea47cded687412eb55210ba6e68c8 SHA512 80193f95f9754b1d6fb784cde6b4c4d6f72b5cff406c26329a93ad87a5833cd87ef7a8113d719bbe6913fd8e1fb29f438fa81e6dada8c0fc39bf0f2e47fe08ae
DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
diff --git a/www-servers/nginx/nginx-1.23.0-r1.ebuild b/www-servers/nginx/nginx-1.23.0-r1.ebuild
index 52837a6b69db..f207f4c4fc47 100644
--- a/www-servers/nginx/nginx-1.23.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.23.0-r1.ebuild
@@ -150,7 +150,7 @@ HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LD
HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_PV="3.4"
GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-19 17:44 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-19 17:44 UTC (permalink / raw
To: gentoo-commits
commit: 38485e577990a5e7e6ca603f497fddb16c85a9c1
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 19 17:43:29 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 17:44:03 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38485e57
www-servers/nginx: update metadata
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/metadata.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index af08e0a80963..c70bffda9b66 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -9,6 +9,7 @@
<flag name="http-cache">Enable HTTP cache support</flag>
<flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
<flag name="pcre-jit">Enable JIT for pcre</flag>
+ <flag name="pcre2">Enable support for pcre2</flag>
<flag name="ssl">Enable HTTPS module for http. Enable SSL/TLS support for POP3/IMAP/SMTP for mail.</flag>
<flag name="rtmp">NGINX-based Media Streaming Server</flag>
</use>
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-19 19:38 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-19 19:38 UTC (permalink / raw
To: gentoo-commits
commit: 407cf6adb77f6383f71e1272f74ec9d9617b27fe
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 19 19:36:15 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 19:38:05 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=407cf6ad
www-servers/nginx: add 1.23.1
Also updates NJS to 0.7.6.
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.23.1.ebuild | 1049 +++++++++++++++++++++++++++++++++
2 files changed, 1051 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 02e3fd46fb3b..b988af5c5a56 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
DIST nginx-1.23.0.tar.gz 1102940 BLAKE2B 375e63449dda4bb8df3535cc3f31bede03bf6cdc374c46fe5f5e1107fbf9e829d15f329123bd19d96f8236ca665cde3000366967372193fc023a3212bac562a9 SHA512 c76619e42e7715898cce7e13f5672b36e9d9401f815d912a453aae8364b6f8a4365e3cc6858a333bf68ebea1191f0ad38136f2d1832facc9acbf6c8a883999cd
+DIST nginx-1.23.1.tar.gz 1104352 BLAKE2B 2c90b792ad7d9d685dc417e4c4d24ad68fa490da737574d25d526c70839fb64f69581e9093cf1c38010b7c404650e48c0fe8f9c1ef71c75d30be0be7e9ebd4d8 SHA512 62d6b3d5282f4e4cc23adf23b3dc26e06fc4574cae3c18381c406d0cf0f8c68e7dfa86af0c3c1c1485214c548f3b45015eb219e62bfe04e0aaa5edaad82e6706
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -31,3 +32,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.7.2.tar.gz 584483 BLAKE2B 98f28e599f73aaacf2c155dd2a630b8dec9767725e47e6d93de05fb15b854277cd2fcc38ec915d8b04a769d40513725fe2061054521fed73967a6d61f04ce8e1 SHA512 7ff9c8f4e8cf1a3aeb0f2ed9f37e2b3f4966812966d1aca17dae8b454dd7fa725ccdc631b7dc1f3434f588e589f4cd419b9e087f3c745cd6ca092a683c92d82f
DIST njs-0.7.5.tar.gz 592998 BLAKE2B 7e1178f928320741eb3af4a4b8692b061c9d223e2f905f2fb2b9f604924e7586f0fa4dc7dbdef9965f5f74f9a87bb87fc5550135ffe084aa71b25bebef5387fc SHA512 e33dbb285ff6216acddcd213fdbd73ffadd5730680bcec742b1598fa57b4d100da32c913b1c2648b3e87867fc29bf11075d70fa5655f85c62e42eb0a48d177f1
+DIST njs-0.7.6.tar.gz 600165 BLAKE2B 39ac895f8c1a18e2b04bf6302bea2345475fafe0aabbd5e680702c770d85be371c9d778d2eaf05dda928ed4cfa7aa890845e799b7adb9cd4da68aeb7599b6280 SHA512 c27d6e138eba0d0fa3c029a008c09a64a6916f953d9fb2bc31cd82e1ba6eb1ae58c339523aaf124100921f01dac61aa5baedc6dc45dd65e7c0c00381ff0b7b52
diff --git a/www-servers/nginx/nginx-1.23.1.ebuild b/www-servers/nginx/nginx-1.23.1.ebuild
new file mode 100644
index 000000000000..9bfada0159db
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.1.ebuild
@@ -0,0 +1,1049 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic pcre +pcre2
+ pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ local WITHOUT_IPV6=
+ if ! use ipv6; then
+ WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-19 19:38 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-19 19:38 UTC (permalink / raw
To: gentoo-commits
commit: faee0a178656e2f43500e6b72e75982216adfb73
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 19 19:37:02 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 19:38:06 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=faee0a17
www-servers/nginx: drop 1.23.0-r1
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.23.0-r1.ebuild | 1049 ------------------------------
2 files changed, 1050 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b988af5c5a56..031e85620744 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
-DIST nginx-1.23.0.tar.gz 1102940 BLAKE2B 375e63449dda4bb8df3535cc3f31bede03bf6cdc374c46fe5f5e1107fbf9e829d15f329123bd19d96f8236ca665cde3000366967372193fc023a3212bac562a9 SHA512 c76619e42e7715898cce7e13f5672b36e9d9401f815d912a453aae8364b6f8a4365e3cc6858a333bf68ebea1191f0ad38136f2d1832facc9acbf6c8a883999cd
DIST nginx-1.23.1.tar.gz 1104352 BLAKE2B 2c90b792ad7d9d685dc417e4c4d24ad68fa490da737574d25d526c70839fb64f69581e9093cf1c38010b7c404650e48c0fe8f9c1ef71c75d30be0be7e9ebd4d8 SHA512 62d6b3d5282f4e4cc23adf23b3dc26e06fc4574cae3c18381c406d0cf0f8c68e7dfa86af0c3c1c1485214c548f3b45015eb219e62bfe04e0aaa5edaad82e6706
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.23.0-r1.ebuild b/www-servers/nginx/nginx-1.23.0-r1.ebuild
deleted file mode 100644
index f207f4c4fc47..000000000000
--- a/www-servers/nginx/nginx-1.23.0-r1.ebuild
+++ /dev/null
@@ -1,1049 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic pcre +pcre2
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-07-20 7:39 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-07-20 7:39 UTC (permalink / raw
To: gentoo-commits
commit: effe6d2a83edc3cdd5a5d772145fe5f2d8f5d67c
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Wed Jul 20 04:32:29 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Jul 20 07:38:48 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=effe6d2a
www-servers/nginx: drop vulnerable
Bug: https://bugs.gentoo.org/838247
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/26491
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.21.6-r2.ebuild | 1078 ------------------------------
2 files changed, 1079 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 031e85620744..8dca67f5592e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,6 +29,5 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.7.2.tar.gz 584483 BLAKE2B 98f28e599f73aaacf2c155dd2a630b8dec9767725e47e6d93de05fb15b854277cd2fcc38ec915d8b04a769d40513725fe2061054521fed73967a6d61f04ce8e1 SHA512 7ff9c8f4e8cf1a3aeb0f2ed9f37e2b3f4966812966d1aca17dae8b454dd7fa725ccdc631b7dc1f3434f588e589f4cd419b9e087f3c745cd6ca092a683c92d82f
DIST njs-0.7.5.tar.gz 592998 BLAKE2B 7e1178f928320741eb3af4a4b8692b061c9d223e2f905f2fb2b9f604924e7586f0fa4dc7dbdef9965f5f74f9a87bb87fc5550135ffe084aa71b25bebef5387fc SHA512 e33dbb285ff6216acddcd213fdbd73ffadd5730680bcec742b1598fa57b4d100da32c913b1c2648b3e87867fc29bf11075d70fa5655f85c62e42eb0a48d177f1
DIST njs-0.7.6.tar.gz 600165 BLAKE2B 39ac895f8c1a18e2b04bf6302bea2345475fafe0aabbd5e680702c770d85be371c9d778d2eaf05dda928ed4cfa7aa890845e799b7adb9cd4da68aeb7599b6280 SHA512 c27d6e138eba0d0fa3c029a008c09a64a6916f953d9fb2bc31cd82e1ba6eb1ae58c339523aaf124100921f01dac61aa5baedc6dc45dd65e7c0c00381ff0b7b52
diff --git a/www-servers/nginx/nginx-1.21.6-r2.ebuild b/www-servers/nginx/nginx-1.21.6-r2.ebuild
deleted file mode 100644
index d85839846c7f..000000000000
--- a/www-servers/nginx/nginx-1.21.6-r2.ebuild
+++ /dev/null
@@ -1,1078 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-09-05 23:29 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-09-05 23:29 UTC (permalink / raw
To: gentoo-commits
commit: 597f26b953627362ae32345dee6a45cf44c4cb37
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 5 23:25:23 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Mon Sep 5 23:28:42 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=597f26b9
www-servers/nginx: bump njs module to 0.7.7
This fixes CVE-2022-35173.
Bug: https://bugs.gentoo.org/865723
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.23.1.ebuild => nginx-1.23.1-r1.ebuild} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8dca67f5592e..3b91fe4ed394 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -30,4 +30,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST njs-0.7.5.tar.gz 592998 BLAKE2B 7e1178f928320741eb3af4a4b8692b061c9d223e2f905f2fb2b9f604924e7586f0fa4dc7dbdef9965f5f74f9a87bb87fc5550135ffe084aa71b25bebef5387fc SHA512 e33dbb285ff6216acddcd213fdbd73ffadd5730680bcec742b1598fa57b4d100da32c913b1c2648b3e87867fc29bf11075d70fa5655f85c62e42eb0a48d177f1
-DIST njs-0.7.6.tar.gz 600165 BLAKE2B 39ac895f8c1a18e2b04bf6302bea2345475fafe0aabbd5e680702c770d85be371c9d778d2eaf05dda928ed4cfa7aa890845e799b7adb9cd4da68aeb7599b6280 SHA512 c27d6e138eba0d0fa3c029a008c09a64a6916f953d9fb2bc31cd82e1ba6eb1ae58c339523aaf124100921f01dac61aa5baedc6dc45dd65e7c0c00381ff0b7b52
+DIST njs-0.7.7.tar.gz 609779 BLAKE2B 878c1a106237d42f03074051d12a2de409a1ce3088ec3fd8a43032183608b68e0a11f438668aaca3135ac2280875f248467d6fa801539fcfc6d1436db1579199 SHA512 3fd9e9b84e416e95dbdffced78eabd76a519cccec7c386d8acaccd0d891dea5ceeb702408d4450107c7e3909586753e4eeb5e38c06657cd8f273180beb8fae74
diff --git a/www-servers/nginx/nginx-1.23.1.ebuild b/www-servers/nginx/nginx-1.23.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.23.1.ebuild
rename to www-servers/nginx/nginx-1.23.1-r1.ebuild
index 9bfada0159db..85901b7e2f10 100644
--- a/www-servers/nginx/nginx-1.23.1.ebuild
+++ b/www-servers/nginx/nginx-1.23.1-r1.ebuild
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.6"
+NJS_MODULE_PV="0.7.7"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-09-05 23:29 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-09-05 23:29 UTC (permalink / raw
To: gentoo-commits
commit: dce914f2bbf52360f45c90d877857df3c4c2a353
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 5 23:27:16 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Mon Sep 5 23:28:42 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dce914f2
www-servers/nginx: bump njs module to 0.7.7
This fixes CVE-2022-35173.
Bug: https://bugs.gentoo.org/865723
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/{nginx-1.21.6-r3.ebuild => nginx-1.21.6-r4.ebuild} | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 3b91fe4ed394..26a42ad7ed3d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,5 +29,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.7.5.tar.gz 592998 BLAKE2B 7e1178f928320741eb3af4a4b8692b061c9d223e2f905f2fb2b9f604924e7586f0fa4dc7dbdef9965f5f74f9a87bb87fc5550135ffe084aa71b25bebef5387fc SHA512 e33dbb285ff6216acddcd213fdbd73ffadd5730680bcec742b1598fa57b4d100da32c913b1c2648b3e87867fc29bf11075d70fa5655f85c62e42eb0a48d177f1
DIST njs-0.7.7.tar.gz 609779 BLAKE2B 878c1a106237d42f03074051d12a2de409a1ce3088ec3fd8a43032183608b68e0a11f438668aaca3135ac2280875f248467d6fa801539fcfc6d1436db1579199 SHA512 3fd9e9b84e416e95dbdffced78eabd76a519cccec7c386d8acaccd0d891dea5ceeb702408d4450107c7e3909586753e4eeb5e38c06657cd8f273180beb8fae74
diff --git a/www-servers/nginx/nginx-1.21.6-r3.ebuild b/www-servers/nginx/nginx-1.21.6-r4.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.21.6-r3.ebuild
rename to www-servers/nginx/nginx-1.21.6-r4.ebuild
index efd809f6074b..916d61fd20c6 100644
--- a/www-servers/nginx/nginx-1.21.6-r3.ebuild
+++ b/www-servers/nginx/nginx-1.21.6-r4.ebuild
@@ -157,7 +157,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.5"
+NJS_MODULE_PV="0.7.7"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-09-09 7:34 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-09-09 7:34 UTC (permalink / raw
To: gentoo-commits
commit: ecbf541827281a030f6ad936e864a9894be354c4
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 9 07:34:15 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 9 07:34:22 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecbf5418
www-servers/nginx: Stabilize 1.23.1-r1 amd64, #869116
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.23.1-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.1-r1.ebuild b/www-servers/nginx/nginx-1.23.1-r1.ebuild
index 85901b7e2f10..faed8e4dac4d 100644
--- a/www-servers/nginx/nginx-1.23.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.23.1-r1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-09-09 7:36 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-09-09 7:36 UTC (permalink / raw
To: gentoo-commits
commit: 50ac2879adee305fab19fe27af1588380891e63a
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 9 07:35:54 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 9 07:35:54 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50ac2879
www-servers/nginx: Stabilize 1.23.1-r1 arm, #869116
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.23.1-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.1-r1.ebuild b/www-servers/nginx/nginx-1.23.1-r1.ebuild
index faed8e4dac4d..47faa47b392f 100644
--- a/www-servers/nginx/nginx-1.23.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.23.1-r1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-09-09 7:36 Agostino Sarubbo
0 siblings, 0 replies; 277+ messages in thread
From: Agostino Sarubbo @ 2022-09-09 7:36 UTC (permalink / raw
To: gentoo-commits
commit: e236afb0dbb1d7b469b7f4841e5d10e42c1c1f4e
Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 9 07:36:19 2022 +0000
Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 9 07:36:19 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e236afb0
www-servers/nginx: Stabilize 1.23.1-r1 arm64, #869116
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
www-servers/nginx/nginx-1.23.1-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.1-r1.ebuild b/www-servers/nginx/nginx-1.23.1-r1.ebuild
index 47faa47b392f..cbfbcfbe30f2 100644
--- a/www-servers/nginx/nginx-1.23.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.23.1-r1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-09-10 6:43 Jakov Smolić
0 siblings, 0 replies; 277+ messages in thread
From: Jakov Smolić @ 2022-09-10 6:43 UTC (permalink / raw
To: gentoo-commits
commit: f9aa0cce7cd954dadf9f3388ac106ea952828a21
Author: Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 06:42:11 2022 +0000
Commit: Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 06:42:11 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9aa0cce
www-servers/nginx: Stabilize 1.23.1-r1 x86, #869116
Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>
www-servers/nginx/nginx-1.23.1-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.1-r1.ebuild b/www-servers/nginx/nginx-1.23.1-r1.ebuild
index cbfbcfbe30f2..874658a6e5c3 100644
--- a/www-servers/nginx/nginx-1.23.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.23.1-r1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-10-19 14:43 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-10-19 14:43 UTC (permalink / raw
To: gentoo-commits
commit: 0b3061f5ede0392efd2a1b2a1d359de689a96ecd
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 14:34:31 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 14:43:04 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b3061f5
www-servers/nginx: drop 1.21.6-r4
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 7 -
www-servers/nginx/nginx-1.21.6-r4.ebuild | 1078 ------------------------------
2 files changed, 1085 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 26a42ad7ed3d..ef8bbe4fe5fd 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,4 @@
-DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
DIST nginx-1.23.1.tar.gz 1104352 BLAKE2B 2c90b792ad7d9d685dc417e4c4d24ad68fa490da737574d25d526c70839fb64f69581e9093cf1c38010b7c404650e48c0fe8f9c1ef71c75d30be0be7e9ebd4d8 SHA512 62d6b3d5282f4e4cc23adf23b3dc26e06fc4574cae3c18381c406d0cf0f8c68e7dfa86af0c3c1c1485214c548f3b45015eb219e62bfe04e0aaa5edaad82e6706
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -11,17 +9,12 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
-DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
-DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
DIST ngx_http_headers_more-d502e41996d24a382bd9c632e3ae3efa0a5fca66.tar.gz 28810 BLAKE2B cb71e6b8a9da6c72bc542e837391e932c5803d52cbf01eab0b70f501b620d7de03009a25d10e9ba9de46a6c9ffca109b50dea47cded687412eb55210ba6e68c8 SHA512 80193f95f9754b1d6fb784cde6b4c4d6f72b5cff406c26329a93ad87a5833cd87ef7a8113d719bbe6913fd8e1fb29f438fa81e6dada8c0fc39bf0f2e47fe08ae
-DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
-DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
DIST ngx_http_push_stream-8c02220d484d7848bc8e3a6d9b1c616987e86f66.tar.gz 196994 BLAKE2B 90baeb4fb03aeb309bcf1a987420067ca81843ff9b85b8fc26ba703741571e631826e5928a439a3ae79f2f5e369a3acb2cd803789308642ae757d67722ac7f33 SHA512 ad5424d65909d1cf0c2b64d7a4bc3123f4d3e240f1c9d611f6b6fc41167d169f474c723b1c327d42bd295f973a6365ad32e3f095b8c7c7cddc7e54aea138ca31
DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
-DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
DIST ngx_http_upload_progress-68b3ab3b64a0cee7f785d161401c8be357bbed12.tar.gz 17379 BLAKE2B 4790657b3f207eca460a26f5c4d1139dcd495e29fffedab8d716105e6dc3039cbeeecf5f6005d364470951e25b472860b46e3e08bc9573a5a7b4a23f53532f8a SHA512 6603e15aa33edca5e647fd04b4f008f1729c78c527be262ef481890f37a6d57e89609cebfb7459fad18b249024fbe3722e09473987401e8d8dfdd7cf50e4df4f
DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
diff --git a/www-servers/nginx/nginx-1.21.6-r4.ebuild b/www-servers/nginx/nginx-1.21.6-r4.ebuild
deleted file mode 100644
index 916d61fd20c6..000000000000
--- a/www-servers/nginx/nginx-1.21.6-r4.ebuild
+++ /dev/null
@@ -1,1078 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? (
- dev-libs/apr:=
- dev-libs/apr-util:=
- dev-libs/libxml2:=
- net-misc/curl
- www-servers/apache
- )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
- nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- eautoreconf
-
- if use nginx_modules_http_lua; then
- sed -i \
- -e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
- configure || die
- fi
-
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- # mod_security needs to generate nginx/modsecurity/config before including it
- if use nginx_modules_http_security; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
-
- ./configure \
- --enable-standalone-module \
- --disable-mlogc \
- --with-ssdeep=no \
- $(use_enable pcre-jit) \
- $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
- cd "${S}" || die
- fi
-
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-10-19 21:42 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-10-19 21:42 UTC (permalink / raw
To: gentoo-commits
commit: da925421e26e4a8fb26bc9f23f6b7aedfb1f85ed
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 21:41:24 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 21:41:37 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da925421
www-servers/nginx: drop 1.23.1-r1
Bug: https://bugs.gentoo.org/870409
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.23.1-r1.ebuild | 1049 ------------------------------
2 files changed, 1050 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b68ad65ae614..336dd48cb76f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,4 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.23.1.tar.gz 1104352 BLAKE2B 2c90b792ad7d9d685dc417e4c4d24ad68fa490da737574d25d526c70839fb64f69581e9093cf1c38010b7c404650e48c0fe8f9c1ef71c75d30be0be7e9ebd4d8 SHA512 62d6b3d5282f4e4cc23adf23b3dc26e06fc4574cae3c18381c406d0cf0f8c68e7dfa86af0c3c1c1485214c548f3b45015eb219e62bfe04e0aaa5edaad82e6706
DIST nginx-1.23.2.tar.gz 1108243 BLAKE2B 0a6a556afe93c4326247e879e3bb2ad377cd734a572f471b52c91b1b2901a243a848cd74fea587bda5afa0ee91dec9635b5d2a468cb95abc7f361c42a32c9598 SHA512 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.23.1-r1.ebuild b/www-servers/nginx/nginx-1.23.1-r1.ebuild
deleted file mode 100644
index 874658a6e5c3..000000000000
--- a/www-servers/nginx/nginx-1.23.1-r1.ebuild
+++ /dev/null
@@ -1,1049 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic pcre +pcre2
- pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- local WITHOUT_IPV6=
- if ! use ipv6; then
- WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-10-31 13:24 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-10-31 13:24 UTC (permalink / raw
To: gentoo-commits
commit: f200bd8f1206c0cec3141e3cccc44749131e6384
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Mon Oct 31 07:43:56 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Mon Oct 31 13:23:31 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f200bd8f
www-servers/nginx: update to njs 0.7.8
Bug: https://bugs.gentoo.org/878765
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.23.2-r2.ebuild | 1060 ++++++++++++++++++++++++++++++
2 files changed, 1061 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index dfe0526efc02..848019b0370d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.7.tar.gz 609779 BLAKE2B 878c1a106237d42f03074051d12a2de409a1ce3088ec3fd8a43032183608b68e0a11f438668aaca3135ac2280875f248467d6fa801539fcfc6d1436db1579199 SHA512 3fd9e9b84e416e95dbdffced78eabd76a519cccec7c386d8acaccd0d891dea5ceeb702408d4450107c7e3909586753e4eeb5e38c06657cd8f273180beb8fae74
+DIST njs-0.7.8.tar.gz 613161 BLAKE2B f6b10be576119f418cdbe052a0c82b847d1b43278f4f0764ac7a9c7309162bf48fd60b40542b97e43fa925c87817b19785ffc6c83fa0611ca73256932e8481cb SHA512 086ddb2e5189a8853598870b795bfa788e9e75da9d2502541a49314e8149d7c279acca0709c4c517db26611a416dc5fb989be807cf1697c7411aded1bd5b8237
diff --git a/www-servers/nginx/nginx-1.23.2-r2.ebuild b/www-servers/nginx/nginx-1.23.2-r2.ebuild
new file mode 100644
index 000000000000..96915733beb5
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.2-r2.ebuild
@@ -0,0 +1,1060 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-10-31 13:24 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-10-31 13:24 UTC (permalink / raw
To: gentoo-commits
commit: 967aee1fe04551ee6af528a931631c8365f74ec8
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Mon Oct 31 07:46:26 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Mon Oct 31 13:23:31 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=967aee1f
www-servers/nginx: drop vulnerable
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/28049
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/nginx-1.23.2-r1.ebuild | 1066 ------------------------------
1 file changed, 1066 deletions(-)
diff --git a/www-servers/nginx/nginx-1.23.2-r1.ebuild b/www-servers/nginx/nginx-1.23.2-r1.ebuild
deleted file mode 100644
index 5fb4b79bbe86..000000000000
--- a/www-servers/nginx/nginx-1.23.2-r1.ebuild
+++ /dev/null
@@ -1,1066 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- cd "${NJS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_javascript_cve_2022-38890.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-12-13 21:58 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2022-12-13 21:58 UTC (permalink / raw
To: gentoo-commits
commit: ed21b2817c43911e1a210f7400e42f4c33e2c28b
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 13 21:53:27 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 21:53:54 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed21b281
www-servers/nginx: add 1.23.3
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.23.3.ebuild | 1066 +++++++++++++++++++++++++++++++++
2 files changed, 1067 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 848019b0370d..d5ec5079101b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.23.2.tar.gz 1108243 BLAKE2B 0a6a556afe93c4326247e879e3bb2ad377cd734a572f471b52c91b1b2901a243a848cd74fea587bda5afa0ee91dec9635b5d2a468cb95abc7f361c42a32c9598 SHA512 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
+DIST nginx-1.23.3.tar.gz 1108958 BLAKE2B 5b8980f54e3f662ec6b4f8f0a50305c91081aaba881ef94f3c60e5fced8a79710ff09aae3abda3dce7dbcd460b1a46b1d3c0007d5dc76fbec5c4c2ad91ae7aa7 SHA512 da5f473ac213f8947f40f0a69820bf981157432fe9d29cf71fe30225dadd05f5814309034f0411ea15fb70bece8ceefc0cb0b2588096c1a9496c2a36fa425d9f
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.23.3.ebuild b/www-servers/nginx/nginx-1.23.3.ebuild
new file mode 100644
index 000000000000..4b707c551371
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.3.ebuild
@@ -0,0 +1,1066 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2022-12-30 23:41 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2022-12-30 23:41 UTC (permalink / raw
To: gentoo-commits
commit: 70f38bba09267633222a41ca216e3adc2cac5316
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 30 23:41:20 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 30 23:41:20 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70f38bba
www-servers/nginx: Stabilize 1.23.2-r3 x86, #889022
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.23.2-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.2-r3.ebuild b/www-servers/nginx/nginx-1.23.2-r3.ebuild
index 4b707c551371..7eb93de6c891 100644
--- a/www-servers/nginx/nginx-1.23.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.23.2-r3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-01-08 6:59 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2023-01-08 6:59 UTC (permalink / raw
To: gentoo-commits
commit: 281bf7f49ab793790d27e8b82e06fe8b8209294c
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 8 06:59:16 2023 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jan 8 06:59:16 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=281bf7f4
www-servers/nginx: Stabilize 1.23.2-r3 amd64, #889022
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/nginx-1.23.2-r3.ebuild | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.23.2-r3.ebuild b/www-servers/nginx/nginx-1.23.2-r3.ebuild
index 7eb93de6c891..d9fcf97c2944 100644
--- a/www-servers/nginx/nginx-1.23.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.23.2-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-01-13 14:16 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-01-13 14:16 UTC (permalink / raw
To: gentoo-commits
commit: 8db3b4dd0df5c015d1c9a3a7503f96715299ff81
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 13 14:16:45 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 14:16:45 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8db3b4dd
www-servers/nginx: Stabilize 1.23.2-r3 arm64, #889022
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.23.2-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.2-r3.ebuild b/www-servers/nginx/nginx-1.23.2-r3.ebuild
index d9fcf97c2944..aa888a8de5e1 100644
--- a/www-servers/nginx/nginx-1.23.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.23.2-r3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-01-25 1:40 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2023-01-25 1:40 UTC (permalink / raw
To: gentoo-commits
commit: d0ae29199a976811b83f76c96367b1fd5077eece
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 25 01:39:59 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 25 01:39:59 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0ae2919
www-servers/nginx: Stabilize 1.23.3 amd64, #891923
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.23.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.3.ebuild b/www-servers/nginx/nginx-1.23.3.ebuild
index 2a2bc2f9b9e1..d9fcf97c2944 100644
--- a/www-servers/nginx/nginx-1.23.3.ebuild
+++ b/www-servers/nginx/nginx-1.23.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-01-25 1:40 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2023-01-25 1:40 UTC (permalink / raw
To: gentoo-commits
commit: 5421cc344b4982bf73a595c66a3bdaa1038b7bdf
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 25 01:39:57 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 25 01:39:57 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5421cc34
www-servers/nginx: Stabilize 1.23.3 x86, #891923
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.23.3.ebuild | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.23.3.ebuild b/www-servers/nginx/nginx-1.23.3.ebuild
index 4b707c551371..2a2bc2f9b9e1 100644
--- a/www-servers/nginx/nginx-1.23.3.ebuild
+++ b/www-servers/nginx/nginx-1.23.3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-02-01 11:36 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-02-01 11:36 UTC (permalink / raw
To: gentoo-commits
commit: efbca6c7953a77fe330164be2b9bfb008adec0f1
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 1 11:36:30 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 1 11:36:30 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efbca6c7
www-servers/nginx: Stabilize 1.23.3 arm64, #891923
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.23.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.3.ebuild b/www-servers/nginx/nginx-1.23.3.ebuild
index d9fcf97c2944..aa888a8de5e1 100644
--- a/www-servers/nginx/nginx-1.23.3.ebuild
+++ b/www-servers/nginx/nginx-1.23.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-03-30 21:12 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-03-30 21:12 UTC (permalink / raw
To: gentoo-commits
commit: 985b01936fe11532131360d6f1914cc1f43de927
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Mar 30 05:53:23 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu Mar 30 21:11:45 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=985b0193
www-servers/nginx: add 1.23.4
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/30408
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.23.4.ebuild | 1066 +++++++++++++++++++++++++++++++++
2 files changed, 1067 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index d5ec5079101b..4c15cd563545 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.23.2.tar.gz 1108243 BLAKE2B 0a6a556afe93c4326247e879e3bb2ad377cd734a572f471b52c91b1b2901a243a848cd74fea587bda5afa0ee91dec9635b5d2a468cb95abc7f361c42a32c9598 SHA512 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
DIST nginx-1.23.3.tar.gz 1108958 BLAKE2B 5b8980f54e3f662ec6b4f8f0a50305c91081aaba881ef94f3c60e5fced8a79710ff09aae3abda3dce7dbcd460b1a46b1d3c0007d5dc76fbec5c4c2ad91ae7aa7 SHA512 da5f473ac213f8947f40f0a69820bf981157432fe9d29cf71fe30225dadd05f5814309034f0411ea15fb70bece8ceefc0cb0b2588096c1a9496c2a36fa425d9f
+DIST nginx-1.23.4.tar.gz 1112403 BLAKE2B fe9e4256cf092394a485f121d73f3561c0f1f3a72eaf7a279f23ca88d3cc92ae8498b895687dca582f681e621cc99906e86c7c08a3d2dfd73a203af67ce34d4a SHA512 542a53cae32bf5c7d4d09a4940793e603e0b3c7a8a4ca2bcec84e64bc298fcf0e58297338d1ae0cd28889c4a3e359f3f48532b0addaf7d223f796ed81c3054e8
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.23.4.ebuild b/www-servers/nginx/nginx-1.23.4.ebuild
new file mode 100644
index 000000000000..fddd5f090b86
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.4.ebuild
@@ -0,0 +1,1066 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-04-01 16:30 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-04-01 16:30 UTC (permalink / raw
To: gentoo-commits
commit: 105e590f3f4c1f9e390188c2e2d1408702d5ccda
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 1 16:30:46 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 1 16:30:46 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=105e590f
www-servers/nginx: Stabilize 1.23.3 arm, #891923
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.23.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.23.3.ebuild b/www-servers/nginx/nginx-1.23.3.ebuild
index aa888a8de5e1..e86939bd76cf 100644
--- a/www-servers/nginx/nginx-1.23.3.ebuild
+++ b/www-servers/nginx/nginx-1.23.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-04-18 20:38 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-04-18 20:38 UTC (permalink / raw
To: gentoo-commits
commit: 4385ddc7efd25f9f5bdb9432bfa469fbdae054bf
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Tue Apr 18 10:19:53 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Apr 18 20:30:48 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4385ddc7
www-servers/nginx: add 1.24.0
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/30637
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.24.0.ebuild | 1066 +++++++++++++++++++++++++++++++++
2 files changed, 1067 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 4c15cd563545..9443752ddef3 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d
DIST nginx-1.23.2.tar.gz 1108243 BLAKE2B 0a6a556afe93c4326247e879e3bb2ad377cd734a572f471b52c91b1b2901a243a848cd74fea587bda5afa0ee91dec9635b5d2a468cb95abc7f361c42a32c9598 SHA512 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
DIST nginx-1.23.3.tar.gz 1108958 BLAKE2B 5b8980f54e3f662ec6b4f8f0a50305c91081aaba881ef94f3c60e5fced8a79710ff09aae3abda3dce7dbcd460b1a46b1d3c0007d5dc76fbec5c4c2ad91ae7aa7 SHA512 da5f473ac213f8947f40f0a69820bf981157432fe9d29cf71fe30225dadd05f5814309034f0411ea15fb70bece8ceefc0cb0b2588096c1a9496c2a36fa425d9f
DIST nginx-1.23.4.tar.gz 1112403 BLAKE2B fe9e4256cf092394a485f121d73f3561c0f1f3a72eaf7a279f23ca88d3cc92ae8498b895687dca582f681e621cc99906e86c7c08a3d2dfd73a203af67ce34d4a SHA512 542a53cae32bf5c7d4d09a4940793e603e0b3c7a8a4ca2bcec84e64bc298fcf0e58297338d1ae0cd28889c4a3e359f3f48532b0addaf7d223f796ed81c3054e8
+DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.24.0.ebuild b/www-servers/nginx/nginx-1.24.0.ebuild
new file mode 100644
index 000000000000..5611fa3c44c7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.24.0.ebuild
@@ -0,0 +1,1066 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-04-20 4:01 John Helmert III
0 siblings, 0 replies; 277+ messages in thread
From: John Helmert III @ 2023-04-20 4:01 UTC (permalink / raw
To: gentoo-commits
commit: 80a5d60baea3a47ef581f5676a0c08caf7bc5ca4
Author: John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 20 04:00:26 2023 +0000
Commit: John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Thu Apr 20 04:00:26 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80a5d60b
www-servers/nginx: drop 1.23.2
Bug: https://bugs.gentoo.org/878765
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>
www-servers/nginx/Manifest | 6 -
www-servers/nginx/nginx-1.23.2.ebuild | 1049 ---------------------------------
2 files changed, 1055 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9443752ddef3..f045602d8056 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -10,14 +10,11 @@ DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b54
DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132ac21fcd1720a2843ce598450198e2b7fe902e9ded15a78b66e8a897e811faa872e4e391bf211c795e320c1ccd57607c319 SHA512 b82e401533c44298c41bc9a1caaf3f7850e42da151c06a77a927f817810ebf5ce01c49ca81de42c326345765c784bb55e28fbf0f6a5500626f51e58a216b53c4
DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
-DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
DIST ngx_http_echo-0.63.tar.gz 53421 BLAKE2B 613d4f265b9bcf9b4a44a18749314075e797dca4b350e6c4bc2e7ddd52edadc52660504ee57d0c859ec0a20f6b2e425727e5ec4b30282e67498010fc8d959baa SHA512 c325ac4e3f3f735739e156d8c7ada503b34475c62533b4830231ff1b42c25cb0c841aae06b3448b589c2ab35da8d211436ed194d6fd062cad925af8152c5e789
DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
DIST ngx_http_headers_more-0.34.tar.gz 28827 BLAKE2B 48badf603b93601b11c837057760f768ef2579062786bb366795617635747b654cecafa3a230eec1a3e442ab768fb068867ceb93385b14b6452b621764acfd3f SHA512 2c0c140feeb29f0154a223dc3020ff956f894d63e0232a7bc0ca33fcb26f8b807bda868159ae30b6cac7456ec25b831c3d299ea18e234202ae5d14c1ff471a4b
-DIST ngx_http_headers_more-d502e41996d24a382bd9c632e3ae3efa0a5fca66.tar.gz 28810 BLAKE2B cb71e6b8a9da6c72bc542e837391e932c5803d52cbf01eab0b70f501b620d7de03009a25d10e9ba9de46a6c9ffca109b50dea47cded687412eb55210ba6e68c8 SHA512 80193f95f9754b1d6fb784cde6b4c4d6f72b5cff406c26329a93ad87a5833cd87ef7a8113d719bbe6913fd8e1fb29f438fa81e6dada8c0fc39bf0f2e47fe08ae
DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
-DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
DIST ngx_http_naxsi-4140b2ded624eb36f04c783c460379b9403012d0.tar.gz 166325 BLAKE2B f80353bfc1f3fc009b847de1c1c5d623a84682efc588649cbd156f669336c95f337442ebf350c79321bf59477215f083817929f13550b22dc7f393583aa16ba1 SHA512 6d6565189d9fabdcf318270107455bb4915d2a43284fb2f77b5cf025a4b4843e990c1c1dbc254e0f3879ca7d30ac7bcd7eb8637f491d5b7f05193aa9865be7cc
DIST ngx_http_naxsi_libinjection-49904c42a6e68dc8f16c022c693e897e4010a06c.tar.gz 2123473 BLAKE2B 69208f09ca9f10f59f53a3e949894ebc6e51b0ed5708e551759fd8fbc002c83f5a0462fd22eaf52cae290992633729f47403b33c41539437e40700fb7763ac2a SHA512 ed643aaed8d70dae028ec3df48be3aa2c03955073039cd14fb6187bf162cfee9131ab3e5900ddc349526b171f4da0e01e13b39a669cb85838c1f254476a3c1b8
DIST ngx_http_push_stream-8c02220d484d7848bc8e3a6d9b1c616987e86f66.tar.gz 196994 BLAKE2B 90baeb4fb03aeb309bcf1a987420067ca81843ff9b85b8fc26ba703741571e631826e5928a439a3ae79f2f5e369a3acb2cd803789308642ae757d67722ac7f33 SHA512 ad5424d65909d1cf0c2b64d7a4bc3123f4d3e240f1c9d611f6b6fc41167d169f474c723b1c327d42bd295f973a6365ad32e3f095b8c7c7cddc7e54aea138ca31
@@ -25,11 +22,8 @@ DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46
DIST ngx_http_upload_progress-68b3ab3b64a0cee7f785d161401c8be357bbed12.tar.gz 17379 BLAKE2B 4790657b3f207eca460a26f5c4d1139dcd495e29fffedab8d716105e6dc3039cbeeecf5f6005d364470951e25b472860b46e3e08bc9573a5a7b4a23f53532f8a SHA512 6603e15aa33edca5e647fd04b4f008f1729c78c527be262ef481890f37a6d57e89609cebfb7459fad18b249024fbe3722e09473987401e8d8dfdd7cf50e4df4f
DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
DIST ngx_http_vhost_traffic_status-0.2.1.tar.gz 179679 BLAKE2B 3f0f950745695997232f4ae07487e58d798a3a4f2cd0ba8d922865a39e010e1282932469fbeee615a115358f1e9e36f67876fa507fbefb7c146d701ea68a864d SHA512 fadd4727ffc56111b443364d90e5b0597f09b25006404b11377586f0ed754f5a85e0b84796360be927bd455f43eb28e18004991f086b611146cd340937a6e5e9
-DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
-DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
-DIST njs-0.7.7.tar.gz 609779 BLAKE2B 878c1a106237d42f03074051d12a2de409a1ce3088ec3fd8a43032183608b68e0a11f438668aaca3135ac2280875f248467d6fa801539fcfc6d1436db1579199 SHA512 3fd9e9b84e416e95dbdffced78eabd76a519cccec7c386d8acaccd0d891dea5ceeb702408d4450107c7e3909586753e4eeb5e38c06657cd8f273180beb8fae74
DIST njs-0.7.8.tar.gz 613161 BLAKE2B f6b10be576119f418cdbe052a0c82b847d1b43278f4f0764ac7a9c7309162bf48fd60b40542b97e43fa925c87817b19785ffc6c83fa0611ca73256932e8481cb SHA512 086ddb2e5189a8853598870b795bfa788e9e75da9d2502541a49314e8149d7c279acca0709c4c517db26611a416dc5fb989be807cf1697c7411aded1bd5b8237
diff --git a/www-servers/nginx/nginx-1.23.2.ebuild b/www-servers/nginx/nginx-1.23.2.ebuild
deleted file mode 100644
index 283d53ed7cd3..000000000000
--- a/www-servers/nginx/nginx-1.23.2.ebuild
+++ /dev/null
@@ -1,1049 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.62"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- cd "${NJS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_javascript_cve_2022-38890.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-04-27 21:57 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-04-27 21:57 UTC (permalink / raw
To: gentoo-commits
commit: 52599bd4b62f89c9977210a15b2d87e8c8ca0f8f
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Wed Apr 26 14:18:03 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu Apr 27 21:44:20 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52599bd4
www-servers/nginx: drop old
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/30768
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.23.2-r3.ebuild | 1066 ------------------------------
www-servers/nginx/nginx-1.24.0.ebuild | 1066 ------------------------------
3 files changed, 2133 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f70731a5888d..6fc8febbfd22 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,4 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.23.2.tar.gz 1108243 BLAKE2B 0a6a556afe93c4326247e879e3bb2ad377cd734a572f471b52c91b1b2901a243a848cd74fea587bda5afa0ee91dec9635b5d2a468cb95abc7f361c42a32c9598 SHA512 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
DIST nginx-1.23.3.tar.gz 1108958 BLAKE2B 5b8980f54e3f662ec6b4f8f0a50305c91081aaba881ef94f3c60e5fced8a79710ff09aae3abda3dce7dbcd460b1a46b1d3c0007d5dc76fbec5c4c2ad91ae7aa7 SHA512 da5f473ac213f8947f40f0a69820bf981157432fe9d29cf71fe30225dadd05f5814309034f0411ea15fb70bece8ceefc0cb0b2588096c1a9496c2a36fa425d9f
DIST nginx-1.23.4.tar.gz 1112403 BLAKE2B fe9e4256cf092394a485f121d73f3561c0f1f3a72eaf7a279f23ca88d3cc92ae8498b895687dca582f681e621cc99906e86c7c08a3d2dfd73a203af67ce34d4a SHA512 542a53cae32bf5c7d4d09a4940793e603e0b3c7a8a4ca2bcec84e64bc298fcf0e58297338d1ae0cd28889c4a3e359f3f48532b0addaf7d223f796ed81c3054e8
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
diff --git a/www-servers/nginx/nginx-1.23.2-r3.ebuild b/www-servers/nginx/nginx-1.23.2-r3.ebuild
deleted file mode 100644
index aa888a8de5e1..000000000000
--- a/www-servers/nginx/nginx-1.23.2-r3.ebuild
+++ /dev/null
@@ -1,1066 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.24.0.ebuild b/www-servers/nginx/nginx-1.24.0.ebuild
deleted file mode 100644
index 5611fa3c44c7..000000000000
--- a/www-servers/nginx/nginx-1.24.0.ebuild
+++ /dev/null
@@ -1,1066 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-04-27 21:57 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-04-27 21:57 UTC (permalink / raw
To: gentoo-commits
commit: 4dce633da7edca08a480a87c7dd4339a41d811da
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Wed Apr 26 14:16:40 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu Apr 27 21:44:20 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dce633d
www-servers/nginx: update to njs 0.7.12
Bug: https://bugs.gentoo.org/905096
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.24.0-r1.ebuild | 1066 ++++++++++++++++++++++++++++++
2 files changed, 1067 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f045602d8056..f70731a5888d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,4 +26,5 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
+DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
DIST njs-0.7.8.tar.gz 613161 BLAKE2B f6b10be576119f418cdbe052a0c82b847d1b43278f4f0764ac7a9c7309162bf48fd60b40542b97e43fa925c87817b19785ffc6c83fa0611ca73256932e8481cb SHA512 086ddb2e5189a8853598870b795bfa788e9e75da9d2502541a49314e8149d7c279acca0709c4c517db26611a416dc5fb989be807cf1697c7411aded1bd5b8237
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r1.ebuild
new file mode 100644
index 000000000000..8957d37bc64d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.24.0-r1.ebuild
@@ -0,0 +1,1066 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.12"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-06-23 16:17 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2023-06-23 16:17 UTC (permalink / raw
To: gentoo-commits
commit: e28b249b11672f76d36a96fcb773bf405dc17244
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Jun 8 09:27:39 2023 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jun 23 16:15:36 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e28b249b
www-servers/nginx: add 1.25.1
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/31351
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/metadata.xml | 1 +
www-servers/nginx/nginx-1.25.1.ebuild | 1067 +++++++++++++++++++++++++++++++++
3 files changed, 1070 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6fc8febbfd22..10d3ffc5a462 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d
DIST nginx-1.23.3.tar.gz 1108958 BLAKE2B 5b8980f54e3f662ec6b4f8f0a50305c91081aaba881ef94f3c60e5fced8a79710ff09aae3abda3dce7dbcd460b1a46b1d3c0007d5dc76fbec5c4c2ad91ae7aa7 SHA512 da5f473ac213f8947f40f0a69820bf981157432fe9d29cf71fe30225dadd05f5814309034f0411ea15fb70bece8ceefc0cb0b2588096c1a9496c2a36fa425d9f
DIST nginx-1.23.4.tar.gz 1112403 BLAKE2B fe9e4256cf092394a485f121d73f3561c0f1f3a72eaf7a279f23ca88d3cc92ae8498b895687dca582f681e621cc99906e86c7c08a3d2dfd73a203af67ce34d4a SHA512 542a53cae32bf5c7d4d09a4940793e603e0b3c7a8a4ca2bcec84e64bc298fcf0e58297338d1ae0cd28889c4a3e359f3f48532b0addaf7d223f796ed81c3054e8
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
+DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d719d943d5efe817aa1993b937c110d09e22cdf225ced39d53a15de5c888df28cf71792ecb785f7bfa348fe0c1 SHA512 608db15b3b741881a5e67bb847e550eda5e4c45d2991344eb1ba9c835d24c9d839fdba12b9a97df669bbc933463ac6d940ed31389a5ca38e6c75fc9de0c8d55b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -27,3 +28,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
DIST njs-0.7.8.tar.gz 613161 BLAKE2B f6b10be576119f418cdbe052a0c82b847d1b43278f4f0764ac7a9c7309162bf48fd60b40542b97e43fa925c87817b19785ffc6c83fa0611ca73256932e8481cb SHA512 086ddb2e5189a8853598870b795bfa788e9e75da9d2502541a49314e8149d7c279acca0709c4c517db26611a416dc5fb989be807cf1697c7411aded1bd5b8237
+DIST njs-5b463b8050377216ad4197cd1e35bb69b35b77e9.tar.gz 704472 BLAKE2B 1e1182fedad45301202f53e7259944cc86651e27798eca170e44f9772842c57d85855ee8e846019a4357ae0d5eacffc5e77cffaecbb9c9a105eb4d731ccdccdb SHA512 2c0b4a2fa3c9b02f47bcbb677b0646c459d6c64b3156be7ed7cb918b6d4948c5bb9f6f68b8b004291bb44e64bfa0dd04fd7c9b6a8083e9fa4b946ada42d284a5
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index c70bffda9b66..53e205ae2540 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -6,6 +6,7 @@
<flag name="aio">Enables file AIO support</flag>
<flag name="http">Enable HTTP core support</flag>
<flag name="http2">Enable HTTP2 module support</flag>
+ <flag name="http3">Enable HTTP3 module support</flag>
<flag name="http-cache">Enable HTTP cache support</flag>
<flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
<flag name="pcre-jit">Enable JIT for pcre</flag>
diff --git a/www-servers/nginx/nginx-1.25.1.ebuild b/www-servers/nginx/nginx-1.25.1.ebuild
new file mode 100644
index 000000000000..52a937748847
--- /dev/null
+++ b/www-servers/nginx/nginx-1.25.1.ebuild
@@ -0,0 +1,1067 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="5b463b8050377216ad4197cd1e35bb69b35b77e9"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-02 1:18 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-07-02 1:18 UTC (permalink / raw
To: gentoo-commits
commit: b8c8f67221d72182627d67700b16e6d4f8a0fc19
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Sat Jun 24 08:31:07 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Jul 2 01:12:47 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8c8f672
www-servers/nginx: adjust SLOT
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/31589
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/{nginx-1.25.1.ebuild => nginx-1.25.1-r1.ebuild} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.25.1.ebuild b/www-servers/nginx/nginx-1.25.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.25.1.ebuild
rename to www-servers/nginx/nginx-1.25.1-r1.ebuild
index 52a937748847..3cb7d2a4b81c 100644
--- a/www-servers/nginx/nginx-1.25.1.ebuild
+++ b/www-servers/nginx/nginx-1.25.1-r1.ebuild
@@ -207,7 +207,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_security? ( Apache-2.0 )
nginx_modules_http_push_stream? ( GPL-3 )"
-SLOT="0"
+SLOT="mainline"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
@@ -320,7 +320,7 @@ CDEPEND="
RDEPEND="${CDEPEND}
app-misc/mime-types[nginx]
selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
+ !www-servers/nginx:0"
DEPEND="${CDEPEND}
arm? ( dev-libs/libatomic_ops )
libatomic? ( dev-libs/libatomic_ops )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-03 13:30 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2023-07-03 13:30 UTC (permalink / raw
To: gentoo-commits
commit: 646968ecd85f5552b56e98ea1f4bf05a42dd190a
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 3 13:30:39 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jul 3 13:30:39 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=646968ec
www-servers/nginx: Stabilize 1.24.0-r1 arm, #909561
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r1.ebuild
index 8957d37bc64d..0d37bbc2752d 100644
--- a/www-servers/nginx/nginx-1.24.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r1.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-03 13:47 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2023-07-03 13:47 UTC (permalink / raw
To: gentoo-commits
commit: 205a2d06b6500374e448c8fda52562d36c614cc1
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 3 13:46:57 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jul 3 13:46:57 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=205a2d06
www-servers/nginx: Stabilize 1.24.0-r1 amd64, #909561
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r1.ebuild
index 0d37bbc2752d..0ad153af7fb2 100644
--- a/www-servers/nginx/nginx-1.24.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r1.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-04 8:30 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2023-07-04 8:30 UTC (permalink / raw
To: gentoo-commits
commit: d6a3a16edbefead380fc53aa703d5944e0653912
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 4 08:30:08 2023 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Jul 4 08:30:08 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6a3a16e
www-servers/nginx: Stabilize 1.24.0-r1 x86, #909561
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r1.ebuild
index 0ad153af7fb2..76db209c2d57 100644
--- a/www-servers/nginx/nginx-1.24.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r1.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-04 21:27 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-07-04 21:27 UTC (permalink / raw
To: gentoo-commits
commit: efe9732b3487482103cc4d360f50947244a8d20d
Author: Marcin Deranek <marcin.deranek <AT> slonko <DOT> net>
AuthorDate: Tue Jul 4 20:48:19 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Jul 4 21:27:09 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efe9732b
www-servers/nginx: update lua module to 0.10.25
Closes: https://bugs.gentoo.org/909448
Signed-off-by: Marcin Deranek <marcin.deranek <AT> slonko.net>
Closes: https://github.com/gentoo/gentoo/pull/31743
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/{nginx-1.25.1-r1.ebuild => nginx-1.25.1-r2.ebuild} | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 10d3ffc5a462..a46bdcfa451d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -14,6 +14,7 @@ DIST ngx_http_echo-0.63.tar.gz 53421 BLAKE2B 613d4f265b9bcf9b4a44a18749314075e79
DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
DIST ngx_http_headers_more-0.34.tar.gz 28827 BLAKE2B 48badf603b93601b11c837057760f768ef2579062786bb366795617635747b654cecafa3a230eec1a3e442ab768fb068867ceb93385b14b6452b621764acfd3f SHA512 2c0c140feeb29f0154a223dc3020ff956f894d63e0232a7bc0ca33fcb26f8b807bda868159ae30b6cac7456ec25b831c3d299ea18e234202ae5d14c1ff471a4b
+DIST ngx_http_lua-0.10.25.tar.gz 725616 BLAKE2B b7b766adb76d39edf4ed1fcebea4d696c30b53885923c12e06b6417a63ad5c7e7d926bab8c865b5900b92b3b43126b4d30f92ac6ec941e733f197e5295a0f406 SHA512 01943f2b789b4e385592707f2769a5f4da668415ef9bd0c5263face2fb4146a28137fb8ab8b55056240dad034780601b7966913951cc0c77f4b3aa9eab50ae40
DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
DIST ngx_http_naxsi-4140b2ded624eb36f04c783c460379b9403012d0.tar.gz 166325 BLAKE2B f80353bfc1f3fc009b847de1c1c5d623a84682efc588649cbd156f669336c95f337442ebf350c79321bf59477215f083817929f13550b22dc7f393583aa16ba1 SHA512 6d6565189d9fabdcf318270107455bb4915d2a43284fb2f77b5cf025a4b4843e990c1c1dbc254e0f3879ca7d30ac7bcd7eb8637f491d5b7f05193aa9865be7cc
DIST ngx_http_naxsi_libinjection-49904c42a6e68dc8f16c022c693e897e4010a06c.tar.gz 2123473 BLAKE2B 69208f09ca9f10f59f53a3e949894ebc6e51b0ed5708e551759fd8fbc002c83f5a0462fd22eaf52cae290992633729f47403b33c41539437e40700fb7763ac2a SHA512 ed643aaed8d70dae028ec3df48be3aa2c03955073039cd14fb6187bf162cfee9131ab3e5900ddc349526b171f4da0e01e13b39a669cb85838c1f254476a3c1b8
diff --git a/www-servers/nginx/nginx-1.25.1-r1.ebuild b/www-servers/nginx/nginx-1.25.1-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.25.1-r1.ebuild
rename to www-servers/nginx/nginx-1.25.1-r2.ebuild
index 3cb7d2a4b81c..f123cec7a6cb 100644
--- a/www-servers/nginx/nginx-1.25.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.25.1-r2.ebuild
@@ -59,9 +59,9 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_PV="0.10.25"
HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
LUA_COMPAT=( luajit )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-15 0:53 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-07-15 0:53 UTC (permalink / raw
To: gentoo-commits
commit: f13a45929c795f9e4802adb54bfcea1f1c59de01
Author: Anthony Ryan <anthonyryan1 <AT> gmail <DOT> com>
AuthorDate: Thu Jul 13 22:53:44 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Jul 15 00:49:51 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f13a4592
www-servers/nginx: Add USE="ktls" (Kernel TLS offload)
Kernel TLS offload can reduce HTTPS the number of CPU and Memory ops
necessary to send a file over HTTPS.
To activate kTLS you need:
- CONFIG_TLS=y in the kernel
- OpenSSL built with USE="ktls"
- ssl_conf_command Options KTLS; in nginx.conf
After these changes the ebuild will get everything except nginx.conf ready.
Signed-off-by: Anthony Ryan <anthonyryan1 <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/31870
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/metadata.xml | 1 +
www-servers/nginx/nginx-1.25.1-r2.ebuild | 7 ++++++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 53e205ae2540..2cd20a68b9fb 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -8,6 +8,7 @@
<flag name="http2">Enable HTTP2 module support</flag>
<flag name="http3">Enable HTTP3 module support</flag>
<flag name="http-cache">Enable HTTP cache support</flag>
+ <flag name="ktls">Enable Kernel TLS offload (kTLS)</flag>
<flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
<flag name="pcre-jit">Enable JIT for pcre</flag>
<flag name="pcre2">Enable support for pcre2</flag>
diff --git a/www-servers/nginx/nginx-1.25.1-r2.ebuild b/www-servers/nginx/nginx-1.25.1-r2.ebuild
index f123cec7a6cb..1093a0399894 100644
--- a/www-servers/nginx/nginx-1.25.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.25.1-r2.ebuild
@@ -252,7 +252,7 @@ NGINX_MODULES_3RD="
stream_javascript
"
-IUSE="aio debug +http +http2 http3 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -298,6 +298,9 @@ CDEPEND="
http-cache? (
dev-libs/openssl:0=
)
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
@@ -328,6 +331,7 @@ BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
nginx_modules_http_grpc? ( http2 )
nginx_modules_http_lua? (
@@ -442,6 +446,7 @@ src_configure() {
use debug && myconf+=( --with-debug )
use http2 && myconf+=( --with-http_v2_module )
use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
use libatomic && myconf+=( --with-libatomic )
use pcre && myconf+=( --with-pcre --without-pcre2 )
use pcre-jit && myconf+=( --with-pcre-jit )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-15 3:10 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2023-07-15 3:10 UTC (permalink / raw
To: gentoo-commits
commit: 4c84df3b4544fa69a7582d45c6e7ccfe4fd2504c
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 15 03:07:48 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul 15 03:09:54 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c84df3b
www-servers/nginx: Stabilize 1.24.0-r1 arm64, #909561
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r1.ebuild
index 76db209c2d57..7f18ae87047a 100644
--- a/www-servers/nginx/nginx-1.24.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r1.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 arm ~arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-15 20:37 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-07-15 20:37 UTC (permalink / raw
To: gentoo-commits
commit: b8990fa31c133007f495908e3ae8800faf2260dc
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 15 19:24:45 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Jul 15 19:24:45 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8990fa3
www-servers/nginx: drop 1.23.3, 1.23.4
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 3 -
www-servers/nginx/nginx-1.23.3.ebuild | 1066 ---------------------------------
www-servers/nginx/nginx-1.23.4.ebuild | 1066 ---------------------------------
3 files changed, 2135 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a46bdcfa451d..55f54b5918f2 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,4 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.23.3.tar.gz 1108958 BLAKE2B 5b8980f54e3f662ec6b4f8f0a50305c91081aaba881ef94f3c60e5fced8a79710ff09aae3abda3dce7dbcd460b1a46b1d3c0007d5dc76fbec5c4c2ad91ae7aa7 SHA512 da5f473ac213f8947f40f0a69820bf981157432fe9d29cf71fe30225dadd05f5814309034f0411ea15fb70bece8ceefc0cb0b2588096c1a9496c2a36fa425d9f
-DIST nginx-1.23.4.tar.gz 1112403 BLAKE2B fe9e4256cf092394a485f121d73f3561c0f1f3a72eaf7a279f23ca88d3cc92ae8498b895687dca582f681e621cc99906e86c7c08a3d2dfd73a203af67ce34d4a SHA512 542a53cae32bf5c7d4d09a4940793e603e0b3c7a8a4ca2bcec84e64bc298fcf0e58297338d1ae0cd28889c4a3e359f3f48532b0addaf7d223f796ed81c3054e8
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d719d943d5efe817aa1993b937c110d09e22cdf225ced39d53a15de5c888df28cf71792ecb785f7bfa348fe0c1 SHA512 608db15b3b741881a5e67bb847e550eda5e4c45d2991344eb1ba9c835d24c9d839fdba12b9a97df669bbc933463ac6d940ed31389a5ca38e6c75fc9de0c8d55b
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
@@ -28,5 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
-DIST njs-0.7.8.tar.gz 613161 BLAKE2B f6b10be576119f418cdbe052a0c82b847d1b43278f4f0764ac7a9c7309162bf48fd60b40542b97e43fa925c87817b19785ffc6c83fa0611ca73256932e8481cb SHA512 086ddb2e5189a8853598870b795bfa788e9e75da9d2502541a49314e8149d7c279acca0709c4c517db26611a416dc5fb989be807cf1697c7411aded1bd5b8237
DIST njs-5b463b8050377216ad4197cd1e35bb69b35b77e9.tar.gz 704472 BLAKE2B 1e1182fedad45301202f53e7259944cc86651e27798eca170e44f9772842c57d85855ee8e846019a4357ae0d5eacffc5e77cffaecbb9c9a105eb4d731ccdccdb SHA512 2c0b4a2fa3c9b02f47bcbb677b0646c459d6c64b3156be7ed7cb918b6d4948c5bb9f6f68b8b004291bb44e64bfa0dd04fd7c9b6a8083e9fa4b946ada42d284a5
diff --git a/www-servers/nginx/nginx-1.23.3.ebuild b/www-servers/nginx/nginx-1.23.3.ebuild
deleted file mode 100644
index e86939bd76cf..000000000000
--- a/www-servers/nginx/nginx-1.23.3.ebuild
+++ /dev/null
@@ -1,1066 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.23.4.ebuild b/www-servers/nginx/nginx-1.23.4.ebuild
deleted file mode 100644
index fddd5f090b86..000000000000
--- a/www-servers/nginx/nginx-1.23.4.ebuild
+++ /dev/null
@@ -1,1066 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-07-15 21:14 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-07-15 21:14 UTC (permalink / raw
To: gentoo-commits
commit: 9a99e99ef12da84c312b21a35faeef560081a502
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 15 21:01:33 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Jul 15 21:14:00 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a99e99e
www-servers/nginx: update njs to 0.8.0
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
.../nginx/{nginx-1.25.1-r2.ebuild => nginx-1.25.1-r3.ebuild} | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 55f54b5918f2..4a1e6b466741 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,4 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
-DIST njs-5b463b8050377216ad4197cd1e35bb69b35b77e9.tar.gz 704472 BLAKE2B 1e1182fedad45301202f53e7259944cc86651e27798eca170e44f9772842c57d85855ee8e846019a4357ae0d5eacffc5e77cffaecbb9c9a105eb4d731ccdccdb SHA512 2c0b4a2fa3c9b02f47bcbb677b0646c459d6c64b3156be7ed7cb918b6d4948c5bb9f6f68b8b004291bb44e64bfa0dd04fd7c9b6a8083e9fa4b946ada42d284a5
+DIST njs-0.8.0.tar.gz 715391 BLAKE2B ecba652e8045c93b3eab19e0765c8bc907b55debb0cfce0491d2824f6f60a80321d710b85a694c06d5249f5809f50532d30a6a401b9919b1dda64e50c876410e SHA512 5e5fd3b0aba9d1a0b47207081e59d577cbd3db41e141cfa529526a778bbcd4fec1cd4dacaa1dc63ee07868ccf35f4d4cc465abff831bb03d128b0b1f1b04bb28
diff --git a/www-servers/nginx/nginx-1.25.1-r2.ebuild b/www-servers/nginx/nginx-1.25.1-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.25.1-r2.ebuild
rename to www-servers/nginx/nginx-1.25.1-r3.ebuild
index 1093a0399894..ca4b8d5aa204 100644
--- a/www-servers/nginx/nginx-1.25.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.25.1-r3.ebuild
@@ -159,7 +159,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="5b463b8050377216ad4197cd1e35bb69b35b77e9"
+NJS_MODULE_PV="0.8.0"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -387,6 +387,12 @@ src_prepare() {
cd "${S}" || die
fi
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
if use nginx_modules_http_sticky; then
cd "${HTTP_STICKY_MODULE_WD}" || die
eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-08-15 22:40 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-08-15 22:40 UTC (permalink / raw
To: gentoo-commits
commit: 663d138f8f21da08f8ce31c539f0778ddd075714
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 15 22:35:55 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Aug 15 22:35:55 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=663d138f
www-servers/nginx: add 1.25.2
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.25.2.ebuild | 1078 +++++++++++++++++++++++++++++++++
2 files changed, 1079 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 4a1e6b466741..810aca4b1278 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d719d943d5efe817aa1993b937c110d09e22cdf225ced39d53a15de5c888df28cf71792ecb785f7bfa348fe0c1 SHA512 608db15b3b741881a5e67bb847e550eda5e4c45d2991344eb1ba9c835d24c9d839fdba12b9a97df669bbc933463ac6d940ed31389a5ca38e6c75fc9de0c8d55b
+DIST nginx-1.25.2.tar.gz 1214903 BLAKE2B 546a74c633400e51f6afded396fc36013574dd9ddc6b5f321bd5379c3a27613954de93957268213bc9724943515cab3d23b3965a384c4f71dfb4c759bba49912 SHA512 47da46d823f336432aca6c4cd54c76660af60620518d5c518504033a9fd6b411fd6d41e4aac2c8200311a53f96159aa3da8920145e8ed85596c9c2c14e20cb27
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.25.2.ebuild b/www-servers/nginx/nginx-1.25.2.ebuild
new file mode 100644
index 000000000000..ca4b8d5aa204
--- /dev/null
+++ b/www-servers/nginx/nginx-1.25.2.ebuild
@@ -0,0 +1,1078 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-08-19 22:29 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-08-19 22:29 UTC (permalink / raw
To: gentoo-commits
commit: 11645d822ae38daa46b66f8ac4936e5835cfce55
Author: Dustin Smith <d.usty360 <AT> gmail <DOT> com>
AuthorDate: Thu Aug 17 03:09:37 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Aug 19 22:28:25 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11645d82
www-servers/nginx: update HTTP_METRICS_MODULE_URI
While doing an unrelated thing with nginx, I tried to `pkgdev manifest`
and noticed this package no longer existed at the current URL. I've
updated it to a mirror.
That said, this module seems fairly old (no commits in three years).
Signed-off-by: Dustin Smith <d.usty360 <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/32349
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r1.ebuild | 2 +-
www-servers/nginx/nginx-1.25.1-r3.ebuild | 2 +-
www-servers/nginx/nginx-1.25.2.ebuild | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r1.ebuild
index 7f18ae87047a..a98d8349b137 100644
--- a/www-servers/nginx/nginx-1.24.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r1.ebuild
@@ -80,7 +80,7 @@ HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPS
# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
HTTP_METRICS_MODULE_PV="0.1.1"
HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
diff --git a/www-servers/nginx/nginx-1.25.1-r3.ebuild b/www-servers/nginx/nginx-1.25.1-r3.ebuild
index ca4b8d5aa204..b91d643be7e2 100644
--- a/www-servers/nginx/nginx-1.25.1-r3.ebuild
+++ b/www-servers/nginx/nginx-1.25.1-r3.ebuild
@@ -80,7 +80,7 @@ HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPS
# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
HTTP_METRICS_MODULE_PV="0.1.1"
HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
diff --git a/www-servers/nginx/nginx-1.25.2.ebuild b/www-servers/nginx/nginx-1.25.2.ebuild
index ca4b8d5aa204..b91d643be7e2 100644
--- a/www-servers/nginx/nginx-1.25.2.ebuild
+++ b/www-servers/nginx/nginx-1.25.2.ebuild
@@ -80,7 +80,7 @@ HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPS
# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
HTTP_METRICS_MODULE_PV="0.1.1"
HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-09-29 7:27 WANG Xuerui
0 siblings, 0 replies; 277+ messages in thread
From: WANG Xuerui @ 2023-09-29 7:27 UTC (permalink / raw
To: gentoo-commits
commit: ce1363e451d703ec8cd9208e1ed2807fd24023e1
Author: WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 29 07:22:07 2023 +0000
Commit: WANG Xuerui <xen0n <AT> gentoo <DOT> org>
CommitDate: Fri Sep 29 07:27:21 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce1363e4
www-servers/nginx: keyword 1.25.2 for ~loong
Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
www-servers/nginx/nginx-1.25.2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.2.ebuild b/www-servers/nginx/nginx-1.25.2.ebuild
index b91d643be7e2..94b6089898da 100644
--- a/www-servers/nginx/nginx-1.25.2.ebuild
+++ b/www-servers/nginx/nginx-1.25.2.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-10-24 18:18 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2023-10-24 18:18 UTC (permalink / raw
To: gentoo-commits
commit: 948a44aa6e3b54b8fbd89392fbff7e4858966542
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 24 18:17:59 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Oct 24 18:18:23 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=948a44aa
www-servers/nginx: add 1.25.3
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.25.3.ebuild | 1078 +++++++++++++++++++++++++++++++++
2 files changed, 1080 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 810aca4b1278..9dfb237f7515 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d719d943d5efe817aa1993b937c110d09e22cdf225ced39d53a15de5c888df28cf71792ecb785f7bfa348fe0c1 SHA512 608db15b3b741881a5e67bb847e550eda5e4c45d2991344eb1ba9c835d24c9d839fdba12b9a97df669bbc933463ac6d940ed31389a5ca38e6c75fc9de0c8d55b
DIST nginx-1.25.2.tar.gz 1214903 BLAKE2B 546a74c633400e51f6afded396fc36013574dd9ddc6b5f321bd5379c3a27613954de93957268213bc9724943515cab3d23b3965a384c4f71dfb4c759bba49912 SHA512 47da46d823f336432aca6c4cd54c76660af60620518d5c518504033a9fd6b411fd6d41e4aac2c8200311a53f96159aa3da8920145e8ed85596c9c2c14e20cb27
+DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -28,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
DIST njs-0.8.0.tar.gz 715391 BLAKE2B ecba652e8045c93b3eab19e0765c8bc907b55debb0cfce0491d2824f6f60a80321d710b85a694c06d5249f5809f50532d30a6a401b9919b1dda64e50c876410e SHA512 5e5fd3b0aba9d1a0b47207081e59d577cbd3db41e141cfa529526a778bbcd4fec1cd4dacaa1dc63ee07868ccf35f4d4cc465abff831bb03d128b0b1f1b04bb28
+DIST njs-0.8.2.tar.gz 733916 BLAKE2B 08dcaae18d5bf9b4294cb49d001549d5476176599a45c84d255f456ebbf16dad40a33be18c48f303984f7fce1fc0c397b454ffaf71f985ae9ff55e81e63cb2fd SHA512 2fdaa1953d0ea9f639fcba1077b47a98c58f9d287d4c41b2551b1540279c7e4549c254f86b38ddd81b7d69adaf13bd7dd86e8d75da1c432f0d096285aa3f2363
diff --git a/www-servers/nginx/nginx-1.25.3.ebuild b/www-servers/nginx/nginx-1.25.3.ebuild
new file mode 100644
index 000000000000..b52cf0fb7a58
--- /dev/null
+++ b/www-servers/nginx/nginx-1.25.3.ebuild
@@ -0,0 +1,1078 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-11-22 11:38 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2023-11-22 11:38 UTC (permalink / raw
To: gentoo-commits
commit: 5556c6e4683c80d27c4583e13aa3bc21e9a6c05e
Author: Alfred Wingate <parona <AT> protonmail <DOT> com>
AuthorDate: Sun Oct 8 09:51:34 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov 22 11:31:42 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5556c6e4
www-servers/nginx: add tests
Closes: https://bugs.gentoo.org/906078
Signed-off-by: Alfred Wingate <parona <AT> protonmail.com>
Closes: https://github.com/gentoo/gentoo/pull/33260
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.24.0-r2.ebuild | 1100 +++++++++++++++++++++++++++++
www-servers/nginx/nginx-1.25.3-r1.ebuild | 1112 ++++++++++++++++++++++++++++++
3 files changed, 2213 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9dfb237f7515..53ec5a00eaa0 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d
DIST nginx-1.25.2.tar.gz 1214903 BLAKE2B 546a74c633400e51f6afded396fc36013574dd9ddc6b5f321bd5379c3a27613954de93957268213bc9724943515cab3d23b3965a384c4f71dfb4c759bba49912 SHA512 47da46d823f336432aca6c4cd54c76660af60620518d5c518504033a9fd6b411fd6d41e4aac2c8200311a53f96159aa3da8920145e8ed85596c9c2c14e20cb27
DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
+DIST nginx-tests-24482e311749.tar.gz 282605 BLAKE2B 987b3a224966fbe44ccdd0375aa6b09b683738b6531599259cbea03491c056e4f4dd8e67b6f51555db936e8f0e93cfc669d8a884082d6015c5fd5f8b2dcf6207 SHA512 80d163226bdbfcf4bd8556316a1dcc5b048fa87357f83f5cac3b13917043dad0c96b9bc67ac886b421cc4954ddf7603256fe77d85fda406f8ed8c9231fc1cf3e
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r2.ebuild
new file mode 100644
index 000000000000..bb53b28c567f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.24.0-r2.ebuild
@@ -0,0 +1,1100 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.12"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="24482e311749"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+
+RESTRICT="!test? ( test )"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
diff --git a/www-servers/nginx/nginx-1.25.3-r1.ebuild b/www-servers/nginx/nginx-1.25.3-r1.ebuild
new file mode 100644
index 000000000000..8bb57ea46b9a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.25.3-r1.ebuild
@@ -0,0 +1,1112 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="24482e311749"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+
+RESTRICT="!test? ( test )"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-12-01 20:04 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-12-01 20:04 UTC (permalink / raw
To: gentoo-commits
commit: 981b2184b73b6538b6c92763dabb02391a82e586
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 1 20:03:56 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 1 20:03:56 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=981b2184
www-servers/nginx: Stabilize 1.25.3 x86, #918976
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.3.ebuild b/www-servers/nginx/nginx-1.25.3.ebuild
index b8faaa8ab3e6..66b276487fcd 100644
--- a/www-servers/nginx/nginx-1.25.3.ebuild
+++ b/www-servers/nginx/nginx-1.25.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-12-01 20:04 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-12-01 20:04 UTC (permalink / raw
To: gentoo-commits
commit: 3cb38eb25c7a193e5a58c7aa91cecadd1c5de3ed
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 1 20:03:47 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 1 20:03:47 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cb38eb2
www-servers/nginx: Stabilize 1.25.3 arm, #918976
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.3.ebuild b/www-servers/nginx/nginx-1.25.3.ebuild
index b52cf0fb7a58..ea7358386c1d 100644
--- a/www-servers/nginx/nginx-1.25.3.ebuild
+++ b/www-servers/nginx/nginx-1.25.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-12-01 20:04 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-12-01 20:04 UTC (permalink / raw
To: gentoo-commits
commit: 06b8dc81a42d17788014fc3270f5a8acdc55af40
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 1 20:03:53 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 1 20:03:53 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06b8dc81
www-servers/nginx: Stabilize 1.25.3 amd64, #918976
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.3.ebuild b/www-servers/nginx/nginx-1.25.3.ebuild
index 765d8d5506df..b8faaa8ab3e6 100644
--- a/www-servers/nginx/nginx-1.25.3.ebuild
+++ b/www-servers/nginx/nginx-1.25.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2023-12-01 20:04 Arthur Zamarin
0 siblings, 0 replies; 277+ messages in thread
From: Arthur Zamarin @ 2023-12-01 20:04 UTC (permalink / raw
To: gentoo-commits
commit: 63f26e2067f98c4f538df1673905f144535f3136
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 1 20:03:50 2023 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 1 20:03:50 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63f26e20
www-servers/nginx: Stabilize 1.25.3 arm64, #918976
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.3.ebuild b/www-servers/nginx/nginx-1.25.3.ebuild
index ea7358386c1d..765d8d5506df 100644
--- a/www-servers/nginx/nginx-1.25.3.ebuild
+++ b/www-servers/nginx/nginx-1.25.3.ebuild
@@ -208,7 +208,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
# Package doesn't provide a real test suite
RESTRICT="test"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-02-15 13:17 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2024-02-15 13:17 UTC (permalink / raw
To: gentoo-commits
commit: c67aacaa0cdf0181c71042f49dce7dc8b23c2e08
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Feb 15 04:03:04 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Feb 15 13:17:10 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c67aacaa
www-servers/nginx: add 1.25.4
Bug: https://bugs.gentoo.org/924619
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.25.4.ebuild | 1112 +++++++++++++++++++++++++++++++++
2 files changed, 1113 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 53ec5a00eaa0..aa0cb7d15283 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981
DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d719d943d5efe817aa1993b937c110d09e22cdf225ced39d53a15de5c888df28cf71792ecb785f7bfa348fe0c1 SHA512 608db15b3b741881a5e67bb847e550eda5e4c45d2991344eb1ba9c835d24c9d839fdba12b9a97df669bbc933463ac6d940ed31389a5ca38e6c75fc9de0c8d55b
DIST nginx-1.25.2.tar.gz 1214903 BLAKE2B 546a74c633400e51f6afded396fc36013574dd9ddc6b5f321bd5379c3a27613954de93957268213bc9724943515cab3d23b3965a384c4f71dfb4c759bba49912 SHA512 47da46d823f336432aca6c4cd54c76660af60620518d5c518504033a9fd6b411fd6d41e4aac2c8200311a53f96159aa3da8920145e8ed85596c9c2c14e20cb27
DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
+DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-24482e311749.tar.gz 282605 BLAKE2B 987b3a224966fbe44ccdd0375aa6b09b683738b6531599259cbea03491c056e4f4dd8e67b6f51555db936e8f0e93cfc669d8a884082d6015c5fd5f8b2dcf6207 SHA512 80d163226bdbfcf4bd8556316a1dcc5b048fa87357f83f5cac3b13917043dad0c96b9bc67ac886b421cc4954ddf7603256fe77d85fda406f8ed8c9231fc1cf3e
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
new file mode 100644
index 000000000000..923e5b59577a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -0,0 +1,1112 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="24482e311749"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+
+RESTRICT="!test? ( test )"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-02-15 13:17 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2024-02-15 13:17 UTC (permalink / raw
To: gentoo-commits
commit: 5a802f9f884d288786c64e9453264da0f5b24663
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Feb 15 04:06:19 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Feb 15 13:17:10 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a802f9f
www-servers/nginx: drop 1.25.1-r3, 1.25.2
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/35337
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/Manifest | 3 -
www-servers/nginx/nginx-1.25.1-r3.ebuild | 1078 ------------------------------
www-servers/nginx/nginx-1.25.2.ebuild | 1078 ------------------------------
3 files changed, 2159 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index aa0cb7d15283..506484a929fb 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,5 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
-DIST nginx-1.25.1.tar.gz 1213919 BLAKE2B 70716deb2b1982c77bc5e710039c4207bf4d95d719d943d5efe817aa1993b937c110d09e22cdf225ced39d53a15de5c888df28cf71792ecb785f7bfa348fe0c1 SHA512 608db15b3b741881a5e67bb847e550eda5e4c45d2991344eb1ba9c835d24c9d839fdba12b9a97df669bbc933463ac6d940ed31389a5ca38e6c75fc9de0c8d55b
-DIST nginx-1.25.2.tar.gz 1214903 BLAKE2B 546a74c633400e51f6afded396fc36013574dd9ddc6b5f321bd5379c3a27613954de93957268213bc9724943515cab3d23b3965a384c4f71dfb4c759bba49912 SHA512 47da46d823f336432aca6c4cd54c76660af60620518d5c518504033a9fd6b411fd6d41e4aac2c8200311a53f96159aa3da8920145e8ed85596c9c2c14e20cb27
DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
@@ -30,5 +28,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
-DIST njs-0.8.0.tar.gz 715391 BLAKE2B ecba652e8045c93b3eab19e0765c8bc907b55debb0cfce0491d2824f6f60a80321d710b85a694c06d5249f5809f50532d30a6a401b9919b1dda64e50c876410e SHA512 5e5fd3b0aba9d1a0b47207081e59d577cbd3db41e141cfa529526a778bbcd4fec1cd4dacaa1dc63ee07868ccf35f4d4cc465abff831bb03d128b0b1f1b04bb28
DIST njs-0.8.2.tar.gz 733916 BLAKE2B 08dcaae18d5bf9b4294cb49d001549d5476176599a45c84d255f456ebbf16dad40a33be18c48f303984f7fce1fc0c397b454ffaf71f985ae9ff55e81e63cb2fd SHA512 2fdaa1953d0ea9f639fcba1077b47a98c58f9d287d4c41b2551b1540279c7e4549c254f86b38ddd81b7d69adaf13bd7dd86e8d75da1c432f0d096285aa3f2363
diff --git a/www-servers/nginx/nginx-1.25.1-r3.ebuild b/www-servers/nginx/nginx-1.25.1-r3.ebuild
deleted file mode 100644
index b91d643be7e2..000000000000
--- a/www-servers/nginx/nginx-1.25.1-r3.ebuild
+++ /dev/null
@@ -1,1078 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.25.2.ebuild b/www-servers/nginx/nginx-1.25.2.ebuild
deleted file mode 100644
index 94b6089898da..000000000000
--- a/www-servers/nginx/nginx-1.25.2.ebuild
+++ /dev/null
@@ -1,1078 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-02-15 19:43 Jakov Smolić
0 siblings, 0 replies; 277+ messages in thread
From: Jakov Smolić @ 2024-02-15 19:43 UTC (permalink / raw
To: gentoo-commits
commit: dc4120637d319b49cb698aec1c339e79ffdb89b1
Author: Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 15 19:43:07 2024 +0000
Commit: Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Thu Feb 15 19:43:07 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc412063
www-servers/nginx: Keyword 1.25.4 riscv, #924662
Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 923e5b59577a..699b94aec7f7 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-02-15 21:15 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-02-15 21:15 UTC (permalink / raw
To: gentoo-commits
commit: 81085db4d8fa6477aed3cc144c25706c8b66af05
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 15 21:14:33 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 15 21:14:33 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81085db4
www-servers/nginx: Keyword 1.25.4 ppc64, #924662
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 699b94aec7f7..27f9af0e0264 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-02-16 11:38 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2024-02-16 11:38 UTC (permalink / raw
To: gentoo-commits
commit: 8c56729acb8f87df49c0226099554fdacb4127f0
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 16 11:14:50 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Feb 16 11:37:35 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c56729a
www-servers/nginx: re-add dropped keywords
- use.mask [test] via profiles instead.
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/nginx-1.25.3-r1.ebuild | 4 ++--
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/nginx-1.25.3-r1.ebuild b/www-servers/nginx/nginx-1.25.3-r1.ebuild
index 8bb57ea46b9a..4e7603cd13f8 100644
--- a/www-servers/nginx/nginx-1.25.3-r1.ebuild
+++ b/www-servers/nginx/nginx-1.25.3-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 27f9af0e0264..25a807d6806b 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 11:08 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-17 11:08 UTC (permalink / raw
To: gentoo-commits
commit: 05747a18a679a8b2c4d2dde77b7bc323bb444882
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 11:05:38 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 11:05:38 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05747a18
www-servers/nginx: add 1.25.5
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.25.5.ebuild | 1112 +++++++++++++++++++++++++++++++++
2 files changed, 1114 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 506484a929fb..f35411327640 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
+DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-24482e311749.tar.gz 282605 BLAKE2B 987b3a224966fbe44ccdd0375aa6b09b683738b6531599259cbea03491c056e4f4dd8e67b6f51555db936e8f0e93cfc669d8a884082d6015c5fd5f8b2dcf6207 SHA512 80d163226bdbfcf4bd8556316a1dcc5b048fa87357f83f5cac3b13917043dad0c96b9bc67ac886b421cc4954ddf7603256fe77d85fda406f8ed8c9231fc1cf3e
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -29,3 +30,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
DIST njs-0.8.2.tar.gz 733916 BLAKE2B 08dcaae18d5bf9b4294cb49d001549d5476176599a45c84d255f456ebbf16dad40a33be18c48f303984f7fce1fc0c397b454ffaf71f985ae9ff55e81e63cb2fd SHA512 2fdaa1953d0ea9f639fcba1077b47a98c58f9d287d4c41b2551b1540279c7e4549c254f86b38ddd81b7d69adaf13bd7dd86e8d75da1c432f0d096285aa3f2363
+DIST njs-0.8.4.tar.gz 743910 BLAKE2B cad96f0e7ccac928506bc7822310750921b7ebb1ed87903a6335988b3e42b264179b699455439140c80afd9f93ecb63877cc7327919ebb29d7ad391e9d378367 SHA512 450f6866141f6f370767149c8749e84c4373f401d6d2237ca85365a851ebe7bdbd8a3c25e85a55747673e8bef2238a979dd237d5fc5c641b2f3f2cf7f26dffc8
diff --git a/www-servers/nginx/nginx-1.25.5.ebuild b/www-servers/nginx/nginx-1.25.5.ebuild
new file mode 100644
index 000000000000..f5bb4dfa7402
--- /dev/null
+++ b/www-servers/nginx/nginx-1.25.5.ebuild
@@ -0,0 +1,1112 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="24482e311749"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+RESTRICT="!test? ( test )"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 22:01 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-17 22:01 UTC (permalink / raw
To: gentoo-commits
commit: 714134304536f7025dd89f3d99899a77813b9933
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 22:01:30 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 22:01:30 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71413430
www-servers/nginx: Keyword 1.24.0-r2 arm64, #930135
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r2.ebuild | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r2.ebuild
index bb53b28c567f..6c3dae5541f6 100644
--- a/www-servers/nginx/nginx-1.24.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm64 ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 22:10 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-17 22:10 UTC (permalink / raw
To: gentoo-commits
commit: c4021f2134b147510c94975231771bc9c7664086
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 22:09:35 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 22:09:35 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4021f21
www-servers/nginx: Stabilize 1.25.4 arm, #928619
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 25a807d6806b..0adb29bc3c3b 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 22:10 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-17 22:10 UTC (permalink / raw
To: gentoo-commits
commit: 61069e17a1e95f312bb4d09dae469ab7b8ca2ece
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 22:09:36 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 22:09:36 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61069e17
www-servers/nginx: Keyword 1.24.0-r2 ppc, #930135
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r2.ebuild
index 6c3dae5541f6..07d4a919c1e7 100644
--- a/www-servers/nginx/nginx-1.24.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r2.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 22:10 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-17 22:10 UTC (permalink / raw
To: gentoo-commits
commit: ef2f87dce6294ebcf6c61c209b57711331e41e60
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 22:09:38 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 22:09:38 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef2f87dc
www-servers/nginx: Keyword 1.24.0-r2 arm, #930135
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r2.ebuild
index 07d4a919c1e7..2671f5576db7 100644
--- a/www-servers/nginx/nginx-1.24.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r2.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~ppc ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 23:20 Yixun Lan
0 siblings, 0 replies; 277+ messages in thread
From: Yixun Lan @ 2024-04-17 23:20 UTC (permalink / raw
To: gentoo-commits
commit: 0499fc6d9c7d1fd3ed198f728e83f28ed8781cc6
Author: Yixun Lan <dlan <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 23:19:37 2024 +0000
Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 23:19:37 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0499fc6d
www-servers/nginx: Keyword 1.24.0-r2 riscv, #930135
Signed-off-by: Yixun Lan <dlan <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r2.ebuild
index 2671f5576db7..18a7c23a6c61 100644
--- a/www-servers/nginx/nginx-1.24.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r2.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 23:29 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-17 23:29 UTC (permalink / raw
To: gentoo-commits
commit: 64a12ebe8c607015009fb4b905356928c1ecb554
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 23:28:28 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 23:28:28 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64a12ebe
www-servers/nginx: Stabilize 1.25.4 amd64, #928619
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 0adb29bc3c3b..708a7a404422 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="~amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-17 23:35 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-17 23:35 UTC (permalink / raw
To: gentoo-commits
commit: 7a995a7776ae16d1e4556567e51251e41b5b20bb
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 23:35:02 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 23:35:02 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a995a77
www-servers/nginx: Stabilize 1.25.4 x86, #928619
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 708a7a404422..6e81dcda84b8 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-19 11:26 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-04-19 11:26 UTC (permalink / raw
To: gentoo-commits
commit: 87459e84cf7c176532b4c9f3cb1e209f414b9b81
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 19 11:26:33 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Apr 19 11:26:33 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87459e84
www-servers/nginx: Stabilize 1.25.4 arm64, #928619
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index 6e81dcda84b8..f447f92cc70b 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="mainline"
-KEYWORDS="amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-23 22:47 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-23 22:47 UTC (permalink / raw
To: gentoo-commits
commit: 2a1ab363d6aaddec99e05695a76dedcbdca92c75
Author: sqozz <sqozz-git <AT> geekify <DOT> de>
AuthorDate: Fri Apr 19 22:53:13 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Apr 23 22:47:39 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a1ab363
www-servers/nginx: bump nginx-vod module version
Signed-off-by: sqozz <sqozz-git <AT> geekify.de>
Closes: https://github.com/gentoo/gentoo/pull/36326
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/nginx-1.25.5.ebuild | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index aef06aa37229..09fd7592563e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,7 +5,7 @@ DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf43
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-24482e311749.tar.gz 282605 BLAKE2B 987b3a224966fbe44ccdd0375aa6b09b683738b6531599259cbea03491c056e4f4dd8e67b6f51555db936e8f0e93cfc669d8a884082d6015c5fd5f8b2dcf6207 SHA512 80d163226bdbfcf4bd8556316a1dcc5b048fa87357f83f5cac3b13917043dad0c96b9bc67ac886b421cc4954ddf7603256fe77d85fda406f8ed8c9231fc1cf3e
-DIST nginx-vod-module-1.28.tar.gz 465594 BLAKE2B bb33c54fd6e553901cb40f3bf08bcb845cb599caf181c2d46ffe084500e09bc3caba750d8194a4b5721ec4c5c68b1bed8cdd04dcd9f7669435be3b5a830041e5 SHA512 389137124a3d046b99faabb977b5dbcf7c84541e039da27dfcca6b863d6d7f99e4b42916be1d7202bad017a88973c2f931985c2c58243f5134b7d9d199cdff0c
+DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
diff --git a/www-servers/nginx/nginx-1.25.5.ebuild b/www-servers/nginx/nginx-1.25.5.ebuild
index 3984a1062e25..8923a49bc6fd 100644
--- a/www-servers/nginx/nginx-1.25.5.ebuild
+++ b/www-servers/nginx/nginx-1.25.5.ebuild
@@ -154,7 +154,7 @@ HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LD
HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
# nginx-vod-module (https://github.com/kaltura/nginx-vod-module, AGPL-3+)
-HTTP_VOD_MODULE_PV="1.28"
+HTTP_VOD_MODULE_PV="1.33"
HTTP_VOD_MODULE_P="nginx-vod-module-${HTTP_VOD_MODULE_PV}"
HTTP_VOD_MODULE_URI="https://github.com/kaltura/nginx-vod-module/archive/${HTTP_VOD_MODULE_PV}.tar.gz"
HTTP_VOD_MODULE_WD="${WORKDIR}/nginx-vod-module-${HTTP_VOD_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-23 22:47 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-23 22:47 UTC (permalink / raw
To: gentoo-commits
commit: 51a1581c11d7ba8fc33b629c2c28d75717e29e51
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 23 22:47:04 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Apr 23 22:47:39 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51a1581c
www-servers/nginx: add 1.26.0
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.26.0.ebuild | 1133 +++++++++++++++++++++++++++++++++
2 files changed, 1134 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f418d439d51c..c1286cd73293 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981
DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
+DIST nginx-1.26.0.tar.gz 1244118 BLAKE2B a1c58ceda5599f5a02bd7992e9b2cc9f46f5655e4ca1bc8e9d2cae3b9837c72f37f5a83a9f7559861fb6ef8cad165a3e267ec67b20de18901314ac975dbdcbb4 SHA512 1f604a4a29f1b74eb56de7f1d8b0e5610fa055280b4ad2d3550c56926460de24da81b17485cffb358d8814061d4a9db1e0e5079af7921f1dc329e283e2775791
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
diff --git a/www-servers/nginx/nginx-1.26.0.ebuild b/www-servers/nginx/nginx-1.26.0.ebuild
new file mode 100644
index 000000000000..f6b48a38a163
--- /dev/null
+++ b/www-servers/nginx/nginx-1.26.0.ebuild
@@ -0,0 +1,1133 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# nginx-vod-module (https://github.com/kaltura/nginx-vod-module, AGPL-3+)
+HTTP_VOD_MODULE_PV="1.33"
+HTTP_VOD_MODULE_P="nginx-vod-module-${HTTP_VOD_MODULE_PV}"
+HTTP_VOD_MODULE_URI="https://github.com/kaltura/nginx-vod-module/archive/${HTTP_VOD_MODULE_PV}.tar.gz"
+HTTP_VOD_MODULE_WD="${WORKDIR}/nginx-vod-module-${HTTP_VOD_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="0b5ec15c62ed"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_http_vod? ( ${HTTP_VOD_MODULE_URI} -> ${HTTP_VOD_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+RESTRICT="!test? ( test )"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ http_vod
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_http_vod? ( media-video/ffmpeg:0= )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )
+ nginx_modules_http_vod? ( threads )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if use nginx_modules_http_vod; then
+ http_enabled=1
+ export HTTP_POSTPONE=no
+ myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+
+ if use nginx_modules_http_vod; then
+ docinto ${HTTP_VOD_MODULE_P}
+ dodoc "${HTTP_VOD_MODULE_WD}"/{CHANGELOG,README}.md
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-23 22:47 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-23 22:47 UTC (permalink / raw
To: gentoo-commits
commit: 5c308161291cf4715a78e5ac9076c228e1929e53
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 23 22:40:35 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Apr 23 22:47:39 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c308161
www-servers/nginx: update test suite
Closes: https://bugs.gentoo.org/924657
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/nginx-1.24.0-r2.ebuild | 2 +-
www-servers/nginx/nginx-1.25.3-r1.ebuild | 2 +-
www-servers/nginx/nginx-1.25.4.ebuild | 2 +-
www-servers/nginx/nginx-1.25.5.ebuild | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 09fd7592563e..f418d439d51c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,7 +4,7 @@ DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
-DIST nginx-tests-24482e311749.tar.gz 282605 BLAKE2B 987b3a224966fbe44ccdd0375aa6b09b683738b6531599259cbea03491c056e4f4dd8e67b6f51555db936e8f0e93cfc669d8a884082d6015c5fd5f8b2dcf6207 SHA512 80d163226bdbfcf4bd8556316a1dcc5b048fa87357f83f5cac3b13917043dad0c96b9bc67ac886b421cc4954ddf7603256fe77d85fda406f8ed8c9231fc1cf3e
+DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r2.ebuild
index 18a7c23a6c61..6317d68bd59b 100644
--- a/www-servers/nginx/nginx-1.24.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r2.ebuild
@@ -166,7 +166,7 @@ NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="24482e311749"
+NGINX_TESTS_REV="0b5ec15c62ed"
# We handle deps below ourselves
SSL_DEPS_SKIP=1
diff --git a/www-servers/nginx/nginx-1.25.3-r1.ebuild b/www-servers/nginx/nginx-1.25.3-r1.ebuild
index 4e7603cd13f8..793df92dfcb6 100644
--- a/www-servers/nginx/nginx-1.25.3-r1.ebuild
+++ b/www-servers/nginx/nginx-1.25.3-r1.ebuild
@@ -166,7 +166,7 @@ NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="24482e311749"
+NGINX_TESTS_REV="0b5ec15c62ed"
# We handle deps below ourselves
SSL_DEPS_SKIP=1
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4.ebuild
index f447f92cc70b..62890ab03666 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4.ebuild
@@ -166,7 +166,7 @@ NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="24482e311749"
+NGINX_TESTS_REV="0b5ec15c62ed"
# We handle deps below ourselves
SSL_DEPS_SKIP=1
diff --git a/www-servers/nginx/nginx-1.25.5.ebuild b/www-servers/nginx/nginx-1.25.5.ebuild
index 8923a49bc6fd..631386626414 100644
--- a/www-servers/nginx/nginx-1.25.5.ebuild
+++ b/www-servers/nginx/nginx-1.25.5.ebuild
@@ -172,7 +172,7 @@ NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="24482e311749"
+NGINX_TESTS_REV="0b5ec15c62ed"
# We handle deps below ourselves
SSL_DEPS_SKIP=1
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-24 12:42 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-24 12:42 UTC (permalink / raw
To: gentoo-commits
commit: cd07ea97ad320a0ca7bbcb12d9887d01493d0f93
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 12:37:56 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 12:41:47 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd07ea97
www-servers/nginx: update njs to 0.8.4
Closes: https://bugs.gentoo.org/930561
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/{nginx-1.24.0-r1.ebuild => nginx-1.24.0-r3.ebuild} | 4 ++--
www-servers/nginx/{nginx-1.24.0-r2.ebuild => nginx-1.24.0-r4.ebuild} | 2 +-
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c1286cd73293..86cea68b3d99 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -30,6 +30,5 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
-DIST njs-0.7.12.tar.gz 662554 BLAKE2B 3e925dbbd5e664fc083b3147b6fa353744ab45b50cb2d3feb3f1cf5a4c024440c24b7af08e8a285db7b8e4b48efc776a8a1cb78c6d7ff79d011e127a61e09f6c SHA512 a65a6c6aa3fbd499536284f8d8610f61b87112156885e6c3b1f73872df22195af897766f266b4569098a70e1680aef66594da17d13519f16687b4e43dce49062
DIST njs-0.8.2.tar.gz 733916 BLAKE2B 08dcaae18d5bf9b4294cb49d001549d5476176599a45c84d255f456ebbf16dad40a33be18c48f303984f7fce1fc0c397b454ffaf71f985ae9ff55e81e63cb2fd SHA512 2fdaa1953d0ea9f639fcba1077b47a98c58f9d287d4c41b2551b1540279c7e4549c254f86b38ddd81b7d69adaf13bd7dd86e8d75da1c432f0d096285aa3f2363
DIST njs-0.8.4.tar.gz 743910 BLAKE2B cad96f0e7ccac928506bc7822310750921b7ebb1ed87903a6335988b3e42b264179b699455439140c80afd9f93ecb63877cc7327919ebb29d7ad391e9d378367 SHA512 450f6866141f6f370767149c8749e84c4373f401d6d2237ca85365a851ebe7bdbd8a3c25e85a55747673e8bef2238a979dd237d5fc5c641b2f3f2cf7f26dffc8
diff --git a/www-servers/nginx/nginx-1.24.0-r1.ebuild b/www-servers/nginx/nginx-1.24.0-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.24.0-r1.ebuild
rename to www-servers/nginx/nginx-1.24.0-r3.ebuild
index a98d8349b137..9f79279f01b1 100644
--- a/www-servers/nginx/nginx-1.24.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -159,7 +159,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.12"
+NJS_MODULE_PV="0.8.4"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
diff --git a/www-servers/nginx/nginx-1.24.0-r2.ebuild b/www-servers/nginx/nginx-1.24.0-r4.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.24.0-r2.ebuild
rename to www-servers/nginx/nginx-1.24.0-r4.ebuild
index 6317d68bd59b..a80e3d7512fe 100644
--- a/www-servers/nginx/nginx-1.24.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r4.ebuild
@@ -160,7 +160,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.7.12"
+NJS_MODULE_PV="0.8.4"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-24 12:42 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-24 12:42 UTC (permalink / raw
To: gentoo-commits
commit: cf4dd40ab44f6407164eeee7d5189602b7f295be
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 12:38:37 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 12:41:47 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf4dd40a
www-servers/nginx: drop 1.25.3, 1.25.3-r1
Bug: https://bugs.gentoo.org/924619
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.25.3-r1.ebuild | 1112 ------------------------------
www-servers/nginx/nginx-1.25.3.ebuild | 1078 -----------------------------
3 files changed, 2191 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 86cea68b3d99..7b47476b9ede 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
-DIST nginx-1.25.3.tar.gz 1216580 BLAKE2B f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4 SHA512 46fcbf6b540a2e47f192453b9686a701e3abe5a41a3275e36c9fca6c3f9ef0aa8d705cc5ad63257d662a5432109e4ce125d330cdeb547914bceac19e885dba1f
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-1.26.0.tar.gz 1244118 BLAKE2B a1c58ceda5599f5a02bd7992e9b2cc9f46f5655e4ca1bc8e9d2cae3b9837c72f37f5a83a9f7559861fb6ef8cad165a3e267ec67b20de18901314ac975dbdcbb4 SHA512 1f604a4a29f1b74eb56de7f1d8b0e5610fa055280b4ad2d3550c56926460de24da81b17485cffb358d8814061d4a9db1e0e5079af7921f1dc329e283e2775791
diff --git a/www-servers/nginx/nginx-1.25.3-r1.ebuild b/www-servers/nginx/nginx-1.25.3-r1.ebuild
deleted file mode 100644
index 793df92dfcb6..000000000000
--- a/www-servers/nginx/nginx-1.25.3-r1.ebuild
+++ /dev/null
@@ -1,1112 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - Update NGINX_TESTS_REV to the current available revision and run tests.
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="0b5ec15c62ed"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~x86 ~amd64-linux ~x86-linux"
-
-RESTRICT="!test? ( test )"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- test? (
- dev-lang/perl
- dev-perl/Cache-Memcached
- dev-perl/Cache-Memcached-Fast
- dev-perl/CryptX
- dev-perl/FCGI
- dev-perl/GD
- dev-perl/Net-SSLeay
- )"
-# Unpackaged perl modules which would be used by tests
-# Protocol::WebSocket
-# SCGI
-
-# Uwsgi doesn't start in tests
-# www-servers/uwsgi
-
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-src_test() {
- pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
-
- # FIXME: unsure why uwsgi fails to start
- rm uwsgi*.t || die
-
- local -x TEST_NGINX_BINARY="${S}/objs/nginx"
- local -x TEST_NGINX_VERBOSE=1
-
- prove -v -j $(makeopts_jobs) . || die
- popd > /dev/null || die
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.25.3.ebuild b/www-servers/nginx/nginx-1.25.3.ebuild
deleted file mode 100644
index 66b276487fcd..000000000000
--- a/www-servers/nginx/nginx-1.25.3.ebuild
+++ /dev/null
@@ -1,1078 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-04-24 12:42 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-04-24 12:42 UTC (permalink / raw
To: gentoo-commits
commit: d51c27fec837b86c5709e6fa39e4a50e4829688d
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 12:41:12 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 12:41:47 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d51c27fe
www-servers/nginx: update njs to 0.8.4
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/{nginx-1.25.4.ebuild => nginx-1.25.4-r1.ebuild} | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 7b47476b9ede..5293061d3896 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,5 +29,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
-DIST njs-0.8.2.tar.gz 733916 BLAKE2B 08dcaae18d5bf9b4294cb49d001549d5476176599a45c84d255f456ebbf16dad40a33be18c48f303984f7fce1fc0c397b454ffaf71f985ae9ff55e81e63cb2fd SHA512 2fdaa1953d0ea9f639fcba1077b47a98c58f9d287d4c41b2551b1540279c7e4549c254f86b38ddd81b7d69adaf13bd7dd86e8d75da1c432f0d096285aa3f2363
DIST njs-0.8.4.tar.gz 743910 BLAKE2B cad96f0e7ccac928506bc7822310750921b7ebb1ed87903a6335988b3e42b264179b699455439140c80afd9f93ecb63877cc7327919ebb29d7ad391e9d378367 SHA512 450f6866141f6f370767149c8749e84c4373f401d6d2237ca85365a851ebe7bdbd8a3c25e85a55747673e8bef2238a979dd237d5fc5c641b2f3f2cf7f26dffc8
diff --git a/www-servers/nginx/nginx-1.25.4.ebuild b/www-servers/nginx/nginx-1.25.4-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.25.4.ebuild
rename to www-servers/nginx/nginx-1.25.4-r1.ebuild
index 62890ab03666..da685a0b5902 100644
--- a/www-servers/nginx/nginx-1.25.4.ebuild
+++ b/www-servers/nginx/nginx-1.25.4-r1.ebuild
@@ -160,7 +160,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.2"
+NJS_MODULE_PV="0.8.4"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-24 2:46 Ionen Wolkens
0 siblings, 0 replies; 277+ messages in thread
From: Ionen Wolkens @ 2024-05-24 2:46 UTC (permalink / raw
To: gentoo-commits
commit: 9556e313bc89adadc4c8cccb48d66d83092e5b39
Author: Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Thu May 23 22:05:57 2024 +0000
Commit: Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Fri May 24 02:45:18 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9556e313
www-servers/nginx: Keyword 1.24.0-r4 ppc64, #930135
Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>
www-servers/nginx/nginx-1.24.0-r4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.24.0-r4.ebuild b/www-servers/nginx/nginx-1.24.0-r4.ebuild
index a80e3d7512fe..148b7014abd6 100644
--- a/www-servers/nginx/nginx-1.24.0-r4.ebuild
+++ b/www-servers/nginx/nginx-1.24.0-r4.ebuild
@@ -213,7 +213,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-29 22:58 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-05-29 22:58 UTC (permalink / raw
To: gentoo-commits
commit: 2655953e769fc13dd7cc1b8338bffd0c8b17be9b
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed May 29 22:56:55 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed May 29 22:56:55 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2655953e
www-servers/nginx: add 1.27.0
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.27.0.ebuild | 1133 +++++++++++++++++++++++++++++++++
2 files changed, 1134 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9ccdf6a0fa6f..147ade760266 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-1.26.1.tar.gz 1244738 BLAKE2B 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679 SHA512 dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37
+DIST nginx-1.27.0.tar.gz 1244887 BLAKE2B 035ec8d44f7f7df9b0c77e97e353a579642b75f905c1a6be5caf5ff952be9cae7ccc14c0bfce5ab148a11799d308225e9b7155458905b624c12acd09c03dfa44 SHA512 251bfe65c717a8027ef05caae2ab2ea73b9b544577f539a1d419fe6adf0bcc846b73b58f54ea3f102df79aaf340e4fa56793ddadea3cd61bcbbe2364ef94bacb
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
diff --git a/www-servers/nginx/nginx-1.27.0.ebuild b/www-servers/nginx/nginx-1.27.0.ebuild
new file mode 100644
index 000000000000..631386626414
--- /dev/null
+++ b/www-servers/nginx/nginx-1.27.0.ebuild
@@ -0,0 +1,1133 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# nginx-vod-module (https://github.com/kaltura/nginx-vod-module, AGPL-3+)
+HTTP_VOD_MODULE_PV="1.33"
+HTTP_VOD_MODULE_P="nginx-vod-module-${HTTP_VOD_MODULE_PV}"
+HTTP_VOD_MODULE_URI="https://github.com/kaltura/nginx-vod-module/archive/${HTTP_VOD_MODULE_PV}.tar.gz"
+HTTP_VOD_MODULE_WD="${WORKDIR}/nginx-vod-module-${HTTP_VOD_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="0b5ec15c62ed"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_http_vod? ( ${HTTP_VOD_MODULE_URI} -> ${HTTP_VOD_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+RESTRICT="!test? ( test )"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ http_vod
+ stream_geoip2
+ stream_javascript
+"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_http_vod? ( media-video/ffmpeg:0= )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )
+ nginx_modules_http_vod? ( threads )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if use nginx_modules_http_vod; then
+ http_enabled=1
+ export HTTP_POSTPONE=no
+ myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+
+ if use nginx_modules_http_vod; then
+ docinto ${HTTP_VOD_MODULE_P}
+ dodoc "${HTTP_VOD_MODULE_WD}"/{CHANGELOG,README}.md
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-29 22:58 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-05-29 22:58 UTC (permalink / raw
To: gentoo-commits
commit: 15ee8b9878108d89e4a0eae8770cc78d1466d287
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed May 29 22:50:37 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed May 29 22:53:39 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15ee8b98
www-servers/nginx: drop 1.24.0-r3, 1.24.0-r4
Bug: https://bugs.gentoo.org/924619
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 -
www-servers/nginx/nginx-1.24.0-r3.ebuild | 1066 -----------------------------
www-servers/nginx/nginx-1.24.0-r4.ebuild | 1100 ------------------------------
3 files changed, 2168 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 266c471bebca..9ccdf6a0fa6f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,4 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-1.26.1.tar.gz 1244738 BLAKE2B 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679 SHA512 dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37
@@ -17,7 +16,6 @@ DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75
DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
DIST ngx_http_headers_more-0.34.tar.gz 28827 BLAKE2B 48badf603b93601b11c837057760f768ef2579062786bb366795617635747b654cecafa3a230eec1a3e442ab768fb068867ceb93385b14b6452b621764acfd3f SHA512 2c0c140feeb29f0154a223dc3020ff956f894d63e0232a7bc0ca33fcb26f8b807bda868159ae30b6cac7456ec25b831c3d299ea18e234202ae5d14c1ff471a4b
DIST ngx_http_lua-0.10.25.tar.gz 725616 BLAKE2B b7b766adb76d39edf4ed1fcebea4d696c30b53885923c12e06b6417a63ad5c7e7d926bab8c865b5900b92b3b43126b4d30f92ac6ec941e733f197e5295a0f406 SHA512 01943f2b789b4e385592707f2769a5f4da668415ef9bd0c5263face2fb4146a28137fb8ab8b55056240dad034780601b7966913951cc0c77f4b3aa9eab50ae40
-DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
DIST ngx_http_naxsi-4140b2ded624eb36f04c783c460379b9403012d0.tar.gz 166325 BLAKE2B f80353bfc1f3fc009b847de1c1c5d623a84682efc588649cbd156f669336c95f337442ebf350c79321bf59477215f083817929f13550b22dc7f393583aa16ba1 SHA512 6d6565189d9fabdcf318270107455bb4915d2a43284fb2f77b5cf025a4b4843e990c1c1dbc254e0f3879ca7d30ac7bcd7eb8637f491d5b7f05193aa9865be7cc
DIST ngx_http_naxsi_libinjection-49904c42a6e68dc8f16c022c693e897e4010a06c.tar.gz 2123473 BLAKE2B 69208f09ca9f10f59f53a3e949894ebc6e51b0ed5708e551759fd8fbc002c83f5a0462fd22eaf52cae290992633729f47403b33c41539437e40700fb7763ac2a SHA512 ed643aaed8d70dae028ec3df48be3aa2c03955073039cd14fb6187bf162cfee9131ab3e5900ddc349526b171f4da0e01e13b39a669cb85838c1f254476a3c1b8
DIST ngx_http_push_stream-8c02220d484d7848bc8e3a6d9b1c616987e86f66.tar.gz 196994 BLAKE2B 90baeb4fb03aeb309bcf1a987420067ca81843ff9b85b8fc26ba703741571e631826e5928a439a3ae79f2f5e369a3acb2cd803789308642ae757d67722ac7f33 SHA512 ad5424d65909d1cf0c2b64d7a4bc3123f4d3e240f1c9d611f6b6fc41167d169f474c723b1c327d42bd295f973a6365ad32e3f095b8c7c7cddc7e54aea138ca31
diff --git a/www-servers/nginx/nginx-1.24.0-r3.ebuild b/www-servers/nginx/nginx-1.24.0-r3.ebuild
deleted file mode 100644
index 9f79279f01b1..000000000000
--- a/www-servers/nginx/nginx-1.24.0-r3.ebuild
+++ /dev/null
@@ -1,1066 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.24.0-r4.ebuild b/www-servers/nginx/nginx-1.24.0-r4.ebuild
deleted file mode 100644
index 148b7014abd6..000000000000
--- a/www-servers/nginx/nginx-1.24.0-r4.ebuild
+++ /dev/null
@@ -1,1100 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - Update NGINX_TESTS_REV to the current available revision and run tests.
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="0b5ec15c62ed"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-RESTRICT="!test? ( test )"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- test? (
- dev-lang/perl
- dev-perl/Cache-Memcached
- dev-perl/Cache-Memcached-Fast
- dev-perl/CryptX
- dev-perl/FCGI
- dev-perl/GD
- dev-perl/Net-SSLeay
- )"
-# Unpackaged perl modules which would be used by tests
-# Protocol::WebSocket
-# SCGI
-
-# Uwsgi doesn't start in tests
-# www-servers/uwsgi
-
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-src_test() {
- pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
-
- # FIXME: unsure why uwsgi fails to start
- rm uwsgi*.t || die
-
- local -x TEST_NGINX_BINARY="${S}/objs/nginx"
- local -x TEST_NGINX_VERBOSE=1
-
- prove -v -j $(makeopts_jobs) . || die
- popd > /dev/null || die
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-29 22:58 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-05-29 22:58 UTC (permalink / raw
To: gentoo-commits
commit: 2fa218bedb84894ead60e3ec362423cf684eb64b
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Wed May 29 22:48:04 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed May 29 22:48:04 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fa218be
www-servers/nginx: add 1.26.1, drop 1.26.0
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.26.0.ebuild => nginx-1.26.1.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5293061d3896..266c471bebca 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,7 +2,7 @@ DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d
DIST nginx-1.24.0.tar.gz 1112471 BLAKE2B 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d SHA512 1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3
DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
-DIST nginx-1.26.0.tar.gz 1244118 BLAKE2B a1c58ceda5599f5a02bd7992e9b2cc9f46f5655e4ca1bc8e9d2cae3b9837c72f37f5a83a9f7559861fb6ef8cad165a3e267ec67b20de18901314ac975dbdcbb4 SHA512 1f604a4a29f1b74eb56de7f1d8b0e5610fa055280b4ad2d3550c56926460de24da81b17485cffb358d8814061d4a9db1e0e5079af7921f1dc329e283e2775791
+DIST nginx-1.26.1.tar.gz 1244738 BLAKE2B 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679 SHA512 dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
diff --git a/www-servers/nginx/nginx-1.26.0.ebuild b/www-servers/nginx/nginx-1.26.1.ebuild
similarity index 100%
rename from www-servers/nginx/nginx-1.26.0.ebuild
rename to www-servers/nginx/nginx-1.26.1.ebuild
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-30 0:05 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-05-30 0:05 UTC (permalink / raw
To: gentoo-commits
commit: e8acf0f2a11ee51ab2e5b829571dec7603043ee0
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 30 00:05:44 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 30 00:05:44 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8acf0f2
www-servers/nginx: Stabilize 1.26.1 arm64, #933137
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.26.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.26.1.ebuild b/www-servers/nginx/nginx-1.26.1.ebuild
index 2848df247226..8c53171f9aba 100644
--- a/www-servers/nginx/nginx-1.26.1.ebuild
+++ b/www-servers/nginx/nginx-1.26.1.ebuild
@@ -220,7 +220,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-30 0:05 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-05-30 0:05 UTC (permalink / raw
To: gentoo-commits
commit: ea6808f66e27a5e9af9c82ec5905b5a1fa0db1cc
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 30 00:05:43 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 30 00:05:43 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea6808f6
www-servers/nginx: Stabilize 1.26.1 arm, #933137
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.26.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.26.1.ebuild b/www-servers/nginx/nginx-1.26.1.ebuild
index f6b48a38a163..2848df247226 100644
--- a/www-servers/nginx/nginx-1.26.1.ebuild
+++ b/www-servers/nginx/nginx-1.26.1.ebuild
@@ -220,7 +220,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-30 2:09 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-05-30 2:09 UTC (permalink / raw
To: gentoo-commits
commit: 8e8bf5062d2a3449753961e7b2df1742f41454d3
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 30 02:09:26 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 30 02:09:26 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e8bf506
www-servers/nginx: Stabilize 1.26.1 amd64, #933137
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.26.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.26.1.ebuild b/www-servers/nginx/nginx-1.26.1.ebuild
index 8c53171f9aba..a2019bc056e8 100644
--- a/www-servers/nginx/nginx-1.26.1.ebuild
+++ b/www-servers/nginx/nginx-1.26.1.ebuild
@@ -220,7 +220,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="~amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-30 2:09 Sam James
0 siblings, 0 replies; 277+ messages in thread
From: Sam James @ 2024-05-30 2:09 UTC (permalink / raw
To: gentoo-commits
commit: d4bd0b1aeff26699d684080fedeba0e529777d9a
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 30 02:09:27 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 30 02:09:27 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4bd0b1a
www-servers/nginx: Stabilize 1.26.1 x86, #933137
Signed-off-by: Sam James <sam <AT> gentoo.org>
www-servers/nginx/nginx-1.26.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.26.1.ebuild b/www-servers/nginx/nginx-1.26.1.ebuild
index a2019bc056e8..c07e31bbad91 100644
--- a/www-servers/nginx/nginx-1.26.1.ebuild
+++ b/www-servers/nginx/nginx-1.26.1.ebuild
@@ -220,7 +220,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
nginx_modules_http_push_stream? ( GPL-3 )"
SLOT="0"
-KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-05-30 6:54 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-05-30 6:54 UTC (permalink / raw
To: gentoo-commits
commit: 7a91a5af04f0928a00f9df5ce6837ce057e2edfe
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Thu May 30 06:53:02 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu May 30 06:53:02 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a91a5af
www-servers/nginx: drop 1.25.4-r1, 1.25.5
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 -
www-servers/nginx/nginx-1.25.4-r1.ebuild | 1112 -----------------------------
www-servers/nginx/nginx-1.25.5.ebuild | 1133 ------------------------------
3 files changed, 2247 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 147ade760266..6aa6b437b924 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,4 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.25.4.tar.gz 1236273 BLAKE2B 3236751f9e7ced1a6b79e957c7a4cf19070bf430a30b322b09924a72574ad514bf2989829d5da599c6058fc5f8673b2ad608a3bd57380578883f2c091ff70983 SHA512 72a4aa8ed675f5a27ac723a73e556bbb5ae979a2fe79f9c2f4fb20bd7e719c797af8e2868044b7f2cf58be2a351a268599c8eb1e66719098d4142abab7632bb5
-DIST nginx-1.25.5.tar.gz 1244060 BLAKE2B 75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6 SHA512 4a069ec08af46e42a72e263291fc84a67605d817ece1ea7092a5da5babced96ef27eb370ad6f7558b2f5973406080240080aaf4b27fc2d8b41f6853601563cb7
DIST nginx-1.26.1.tar.gz 1244738 BLAKE2B 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679 SHA512 dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37
DIST nginx-1.27.0.tar.gz 1244887 BLAKE2B 035ec8d44f7f7df9b0c77e97e353a579642b75f905c1a6be5caf5ff952be9cae7ccc14c0bfce5ab148a11799d308225e9b7155458905b624c12acd09c03dfa44 SHA512 251bfe65c717a8027ef05caae2ab2ea73b9b544577f539a1d419fe6adf0bcc846b73b58f54ea3f102df79aaf340e4fa56793ddadea3cd61bcbbe2364ef94bacb
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
diff --git a/www-servers/nginx/nginx-1.25.4-r1.ebuild b/www-servers/nginx/nginx-1.25.4-r1.ebuild
deleted file mode 100644
index da685a0b5902..000000000000
--- a/www-servers/nginx/nginx-1.25.4-r1.ebuild
+++ /dev/null
@@ -1,1112 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - Update NGINX_TESTS_REV to the current available revision and run tests.
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="0b5ec15c62ed"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux"
-
-RESTRICT="!test? ( test )"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- test? (
- dev-lang/perl
- dev-perl/Cache-Memcached
- dev-perl/Cache-Memcached-Fast
- dev-perl/CryptX
- dev-perl/FCGI
- dev-perl/GD
- dev-perl/Net-SSLeay
- )"
-# Unpackaged perl modules which would be used by tests
-# Protocol::WebSocket
-# SCGI
-
-# Uwsgi doesn't start in tests
-# www-servers/uwsgi
-
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-}
-
-src_test() {
- pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
-
- # FIXME: unsure why uwsgi fails to start
- rm uwsgi*.t || die
-
- local -x TEST_NGINX_BINARY="${S}/objs/nginx"
- local -x TEST_NGINX_VERBOSE=1
-
- prove -v -j $(makeopts_jobs) . || die
- popd > /dev/null || die
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
diff --git a/www-servers/nginx/nginx-1.25.5.ebuild b/www-servers/nginx/nginx-1.25.5.ebuild
deleted file mode 100644
index 631386626414..000000000000
--- a/www-servers/nginx/nginx-1.25.5.ebuild
+++ /dev/null
@@ -1,1133 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - Update NGINX_TESTS_REV to the current available revision and run tests.
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# nginx-vod-module (https://github.com/kaltura/nginx-vod-module, AGPL-3+)
-HTTP_VOD_MODULE_PV="1.33"
-HTTP_VOD_MODULE_P="nginx-vod-module-${HTTP_VOD_MODULE_PV}"
-HTTP_VOD_MODULE_URI="https://github.com/kaltura/nginx-vod-module/archive/${HTTP_VOD_MODULE_PV}.tar.gz"
-HTTP_VOD_MODULE_WD="${WORKDIR}/nginx-vod-module-${HTTP_VOD_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="0b5ec15c62ed"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_http_vod? ( ${HTTP_VOD_MODULE_URI} -> ${HTTP_VOD_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-RESTRICT="!test? ( test )"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- http_vod
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_http_vod? ( media-video/ffmpeg:0= )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- test? (
- dev-lang/perl
- dev-perl/Cache-Memcached
- dev-perl/Cache-Memcached-Fast
- dev-perl/CryptX
- dev-perl/FCGI
- dev-perl/GD
- dev-perl/Net-SSLeay
- )"
-# Unpackaged perl modules which would be used by tests
-# Protocol::WebSocket
-# SCGI
-
-# Uwsgi doesn't start in tests
-# www-servers/uwsgi
-
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )
- nginx_modules_http_vod? ( threads )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if use nginx_modules_http_vod; then
- http_enabled=1
- export HTTP_POSTPONE=no
- myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-
- if use nginx_modules_http_vod; then
- docinto ${HTTP_VOD_MODULE_P}
- dodoc "${HTTP_VOD_MODULE_WD}"/{CHANGELOG,README}.md
- fi
-}
-
-src_test() {
- pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
-
- # FIXME: unsure why uwsgi fails to start
- rm uwsgi*.t || die
-
- local -x TEST_NGINX_BINARY="${S}/objs/nginx"
- local -x TEST_NGINX_VERBOSE=1
-
- prove -v -j $(makeopts_jobs) . || die
- popd > /dev/null || die
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-06-27 15:40 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-06-27 15:40 UTC (permalink / raw
To: gentoo-commits
commit: bbfa677a1c1df3d43cb4e3f124371b297e40ad97
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 27 14:48:06 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu Jun 27 15:40:25 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbfa677a
www-servers/nginx: update njs to 0.8.5
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.26.1.ebuild => nginx-1.26.1-r1.ebuild} | 2 +-
www-servers/nginx/{nginx-1.27.0.ebuild => nginx-1.27.0-r1.ebuild} | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6aa6b437b924..46b2b1a44166 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,4 +26,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
-DIST njs-0.8.4.tar.gz 743910 BLAKE2B cad96f0e7ccac928506bc7822310750921b7ebb1ed87903a6335988b3e42b264179b699455439140c80afd9f93ecb63877cc7327919ebb29d7ad391e9d378367 SHA512 450f6866141f6f370767149c8749e84c4373f401d6d2237ca85365a851ebe7bdbd8a3c25e85a55747673e8bef2238a979dd237d5fc5c641b2f3f2cf7f26dffc8
+DIST njs-0.8.5.tar.gz 844437 BLAKE2B 3f8a601370fbe2bfbe0e1748f71b1793985fd2736f4b94a65ec564d5ac4a653faf28a86469cef36bc312ff53287ea4afd43edda503e36c8797947827a902a10d SHA512 09fb37d609f5cb97b0af5eb097a017233af2eacb2d38071346b49f5e03b5e37280eebb360fc824acba0c600c44d234e2d11fa55f4bc913319491d7789a94171c
diff --git a/www-servers/nginx/nginx-1.26.1.ebuild b/www-servers/nginx/nginx-1.26.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.26.1.ebuild
rename to www-servers/nginx/nginx-1.26.1-r1.ebuild
index c07e31bbad91..14ac4f2e9864 100644
--- a/www-servers/nginx/nginx-1.26.1.ebuild
+++ b/www-servers/nginx/nginx-1.26.1-r1.ebuild
@@ -166,7 +166,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.4"
+NJS_MODULE_PV="0.8.5"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
diff --git a/www-servers/nginx/nginx-1.27.0.ebuild b/www-servers/nginx/nginx-1.27.0-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.27.0.ebuild
rename to www-servers/nginx/nginx-1.27.0-r1.ebuild
index 631386626414..749ba9ff4572 100644
--- a/www-servers/nginx/nginx-1.27.0.ebuild
+++ b/www-servers/nginx/nginx-1.27.0-r1.ebuild
@@ -166,7 +166,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.4"
+NJS_MODULE_PV="0.8.5"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-08-15 20:43 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-08-15 20:43 UTC (permalink / raw
To: gentoo-commits
commit: ba6e6bedb0605ca81e7caeb38c2bdf2426e76d6b
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 15 20:40:31 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Thu Aug 15 20:40:31 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba6e6bed
www-servers/nginx: fix for CVE-2024-7347
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 4 ++--
www-servers/nginx/{nginx-1.26.1-r1.ebuild => nginx-1.26.2.ebuild} | 0
www-servers/nginx/{nginx-1.27.0-r1.ebuild => nginx-1.27.1.ebuild} | 0
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 46b2b1a44166..8be6d80e4a9a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,6 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.26.1.tar.gz 1244738 BLAKE2B 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679 SHA512 dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37
-DIST nginx-1.27.0.tar.gz 1244887 BLAKE2B 035ec8d44f7f7df9b0c77e97e353a579642b75f905c1a6be5caf5ff952be9cae7ccc14c0bfce5ab148a11799d308225e9b7155458905b624c12acd09c03dfa44 SHA512 251bfe65c717a8027ef05caae2ab2ea73b9b544577f539a1d419fe6adf0bcc846b73b58f54ea3f102df79aaf340e4fa56793ddadea3cd61bcbbe2364ef94bacb
+DIST nginx-1.26.2.tar.gz 1244789 BLAKE2B f054deb47bf21bf963fedc8f980d29c92325bbfcb39c5a2cc67cce15add32036f0b771c7abac018ded6354a0df0850ed5843d26e0cf5d9577b70ca3fa89a206c SHA512 470efe9ae5d6150ecbf133979c6c36415679a2156499a3b6820a85eb8f3038a8aa06f7b28ddd834cffb0e982f3ddc89e4b1649d536eba4f84019a72d4cfa3539
+DIST nginx-1.27.1.tar.gz 1245244 BLAKE2B d31dac0ced22604a3e8d3b054b3fe560aef4e29b56346466e09e39316ce21ff4b107233a50e58d20419551fd8b9cc530f855445efd88b8497b492676e10de3d8 SHA512 9bbdfcd7b9524f48e96b2ce6cc74bab20242885f208d1ad4117336a24642f3355d1c379e6041a4c341e31fb15faea39fc4410b6523164e3179594bbfb5fc35f5
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
diff --git a/www-servers/nginx/nginx-1.26.1-r1.ebuild b/www-servers/nginx/nginx-1.26.2.ebuild
similarity index 100%
rename from www-servers/nginx/nginx-1.26.1-r1.ebuild
rename to www-servers/nginx/nginx-1.26.2.ebuild
diff --git a/www-servers/nginx/nginx-1.27.0-r1.ebuild b/www-servers/nginx/nginx-1.27.1.ebuild
similarity index 100%
rename from www-servers/nginx/nginx-1.27.0-r1.ebuild
rename to www-servers/nginx/nginx-1.27.1.ebuild
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-08-30 7:50 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2024-08-30 7:50 UTC (permalink / raw
To: gentoo-commits
commit: 5d4fe535bddde817ff8c0a191c5dbf2fbcb45a2b
Author: Z. Liu <zhixu.liu <AT> gmail <DOT> com>
AuthorDate: Fri Aug 23 12:35:09 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Aug 30 07:50:21 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d4fe535
www-servers/nginx: remove HTTP_POSTPONE=no for nginx-vod module
Closes: https://bugs.gentoo.org/933347
Signed-off-by: Z. Liu <zhixu.liu <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/38260
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/{nginx-1.26.2.ebuild => nginx-1.26.2-r1.ebuild} | 1 -
www-servers/nginx/{nginx-1.27.1.ebuild => nginx-1.27.1-r1.ebuild} | 1 -
2 files changed, 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.26.2.ebuild b/www-servers/nginx/nginx-1.26.2-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.26.2.ebuild
rename to www-servers/nginx/nginx-1.26.2-r1.ebuild
index 14ac4f2e9864..1971e684ca8a 100644
--- a/www-servers/nginx/nginx-1.26.2.ebuild
+++ b/www-servers/nginx/nginx-1.26.2-r1.ebuild
@@ -632,7 +632,6 @@ src_configure() {
if use nginx_modules_http_vod; then
http_enabled=1
- export HTTP_POSTPONE=no
myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
fi
diff --git a/www-servers/nginx/nginx-1.27.1.ebuild b/www-servers/nginx/nginx-1.27.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.27.1.ebuild
rename to www-servers/nginx/nginx-1.27.1-r1.ebuild
index 749ba9ff4572..34de22d938e8 100644
--- a/www-servers/nginx/nginx-1.27.1.ebuild
+++ b/www-servers/nginx/nginx-1.27.1-r1.ebuild
@@ -632,7 +632,6 @@ src_configure() {
if use nginx_modules_http_vod; then
http_enabled=1
- export HTTP_POSTPONE=no
myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
fi
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-10-05 23:00 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-10-05 23:00 UTC (permalink / raw
To: gentoo-commits
commit: c7ba13dbebaecac6b31f2d77cf7adbed85f6db72
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 5 22:53:34 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Oct 5 22:58:04 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7ba13db
www-servers/nginx: update njs to 0.8.6
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/{nginx-1.26.2-r2.ebuild => nginx-1.26.2-r3.ebuild} | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f939ee268f12..a1a8b28e0e2b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,5 +26,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
-DIST njs-0.8.5.tar.gz 844437 BLAKE2B 3f8a601370fbe2bfbe0e1748f71b1793985fd2736f4b94a65ec564d5ac4a653faf28a86469cef36bc312ff53287ea4afd43edda503e36c8797947827a902a10d SHA512 09fb37d609f5cb97b0af5eb097a017233af2eacb2d38071346b49f5e03b5e37280eebb360fc824acba0c600c44d234e2d11fa55f4bc913319491d7789a94171c
DIST njs-0.8.6.tar.gz 879028 BLAKE2B cd6ef50feeeeeb66ac927a9373bac9612e1bd47ec1a6bf4115feac0c15f2e67a1970c19b1bc0fa751395b98eda303dc91547bffde648958935cca4ed531a0728 SHA512 418fb54cf4924a38a1cde661432e9432853a643289c299c347aa9e9b393013e504ea4f15698c885ecde7e7ccb249c51b6b1c2bab96024f82b9acb271d2d4acb9
diff --git a/www-servers/nginx/nginx-1.26.2-r2.ebuild b/www-servers/nginx/nginx-1.26.2-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.26.2-r2.ebuild
rename to www-servers/nginx/nginx-1.26.2-r3.ebuild
index fe6db3b44206..657fa2679891 100644
--- a/www-servers/nginx/nginx-1.26.2-r2.ebuild
+++ b/www-servers/nginx/nginx-1.26.2-r3.ebuild
@@ -166,7 +166,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.5"
+NJS_MODULE_PV="0.8.6"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-10-05 23:00 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-10-05 23:00 UTC (permalink / raw
To: gentoo-commits
commit: e628ed3b5db7ed77cfd43c71e800272409750d45
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 5 22:51:51 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Oct 5 22:58:03 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e628ed3b
www-servers/nginx: add 1.27.2
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +
www-servers/nginx/nginx-1.27.2.ebuild | 1138 +++++++++++++++++++++++++++++++++
2 files changed, 1140 insertions(+)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8be6d80e4a9a..9d33a0983839 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.26.2.tar.gz 1244789 BLAKE2B f054deb47bf21bf963fedc8f980d29c92325bbfcb39c5a2cc67cce15add32036f0b771c7abac018ded6354a0df0850ed5843d26e0cf5d9577b70ca3fa89a206c SHA512 470efe9ae5d6150ecbf133979c6c36415679a2156499a3b6820a85eb8f3038a8aa06f7b28ddd834cffb0e982f3ddc89e4b1649d536eba4f84019a72d4cfa3539
DIST nginx-1.27.1.tar.gz 1245244 BLAKE2B d31dac0ced22604a3e8d3b054b3fe560aef4e29b56346466e09e39316ce21ff4b107233a50e58d20419551fd8b9cc530f855445efd88b8497b492676e10de3d8 SHA512 9bbdfcd7b9524f48e96b2ce6cc74bab20242885f208d1ad4117336a24642f3355d1c379e6041a4c341e31fb15faea39fc4410b6523164e3179594bbfb5fc35f5
+DIST nginx-1.27.2.tar.gz 1258098 BLAKE2B f3a68e0f5f89cdbae2f79dc71ecf9074cf39bbee114c3bdc59892baec54eb44fc4fdb1e0aa7f3f688ae28386a2371d2301fa12fba93e4a08ed05ebfd3d481952 SHA512 5e2e0ccba596c5fa67571095e7c9b34e0a8a44f12d72c5cc714360926a192a09810e08f653b16112b5a3223e8cddc5a61f9f8dba026fb0854ec7a0d440666cf2
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
DIST nginx-vod-module-1.33.tar.gz 471858 BLAKE2B fa5cb9fd185b30c5c53b25a6f103213b3d04dac5d2d81db72f9749a51548e09e3e17dccc636d748aff8d21c6623484c77fdeb10d70854480759665d140d42e0e SHA512 29ef77f1bbdb2410ff317ebdd7434f31b8ec370ae6b617b92e745e87c11bc820b451181d1d2b57156b414348da14ac448b689b32b17ab418144292eda094512d
@@ -27,3 +28,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
DIST njs-0.8.5.tar.gz 844437 BLAKE2B 3f8a601370fbe2bfbe0e1748f71b1793985fd2736f4b94a65ec564d5ac4a653faf28a86469cef36bc312ff53287ea4afd43edda503e36c8797947827a902a10d SHA512 09fb37d609f5cb97b0af5eb097a017233af2eacb2d38071346b49f5e03b5e37280eebb360fc824acba0c600c44d234e2d11fa55f4bc913319491d7789a94171c
+DIST njs-0.8.6.tar.gz 879028 BLAKE2B cd6ef50feeeeeb66ac927a9373bac9612e1bd47ec1a6bf4115feac0c15f2e67a1970c19b1bc0fa751395b98eda303dc91547bffde648958935cca4ed531a0728 SHA512 418fb54cf4924a38a1cde661432e9432853a643289c299c347aa9e9b393013e504ea4f15698c885ecde7e7ccb249c51b6b1c2bab96024f82b9acb271d2d4acb9
diff --git a/www-servers/nginx/nginx-1.27.2.ebuild b/www-servers/nginx/nginx-1.27.2.ebuild
new file mode 100644
index 000000000000..922754bbbec8
--- /dev/null
+++ b/www-servers/nginx/nginx-1.27.2.ebuild
@@ -0,0 +1,1138 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+# * alive upstream
+# * sane packaging
+# * builds cleanly
+# * does not need a patch for nginx core
+# - Update NGINX_TESTS_REV to the current available revision and run tests.
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.25"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# nginx-vod-module (https://github.com/kaltura/nginx-vod-module, AGPL-3+)
+HTTP_VOD_MODULE_PV="1.33"
+HTTP_VOD_MODULE_P="nginx-vod-module-${HTTP_VOD_MODULE_PV}"
+HTTP_VOD_MODULE_URI="https://github.com/kaltura/nginx-vod-module/archive/${HTTP_VOD_MODULE_PV}.tar.gz"
+HTTP_VOD_MODULE_WD="${WORKDIR}/nginx-vod-module-${HTTP_VOD_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.8.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
+NGINX_TESTS_REV="0b5ec15c62ed"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+ ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+ nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+ nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+ nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+ nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+ nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+ nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+ nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+ nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+ nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+ nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+ nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+ nginx_modules_http_naxsi? (
+ ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+ ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+ )
+ nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+ nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+ nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+ nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+ nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+ nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+ nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+ nginx_modules_http_vod? ( ${HTTP_VOD_MODULE_URI} -> ${HTTP_VOD_MODULE_P}.tar.gz )
+ nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+ nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+ rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+ test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+ nginx_modules_http_security? ( Apache-2.0 )
+ nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+ fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+ proxy referer rewrite scgi ssi split_clients upstream_hash
+ upstream_ip_hash upstream_keepalive upstream_least_conn
+ upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+ gzip_static image_filter mp4 perl random_index realip secure_link
+ slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+ upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+ http_auth_ldap
+ http_auth_pam
+ http_brotli
+ http_cache_purge
+ http_dav_ext
+ http_echo
+ http_fancyindex
+ http_geoip2
+ http_headers_more
+ http_javascript
+ http_lua
+ http_memc
+ http_metrics
+ http_mogilefs
+ http_naxsi
+ http_push_stream
+ http_security
+ http_slowfs_cache
+ http_sticky
+ http_upload_progress
+ http_upstream_check
+ http_vhost_traffic_status
+ http_vod
+ stream_geoip2
+ stream_javascript
+"
+
+RESTRICT="!test? ( test )"
+
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+ IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+ IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+ IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+ IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+ IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+ acct-group/nginx
+ acct-user/nginx
+ virtual/libcrypt:=
+ pcre? ( dev-libs/libpcre:= )
+ pcre2? ( dev-libs/libpcre2:= )
+ pcre-jit? ( dev-libs/libpcre:=[jit] )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ http2? (
+ >=dev-libs/openssl-1.0.1c:0=
+ )
+ http-cache? (
+ dev-libs/openssl:0=
+ )
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
+ nginx_modules_http_brotli? ( app-arch/brotli:= )
+ nginx_modules_http_geoip? ( dev-libs/geoip )
+ nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+ nginx_modules_http_gunzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip? ( sys-libs/zlib )
+ nginx_modules_http_gzip_static? ( sys-libs/zlib )
+ nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+ nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+ nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+ nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+ nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+ nginx_modules_http_lua? ( ${LUA_DEPS} )
+ nginx_modules_http_auth_pam? ( sys-libs/pam )
+ nginx_modules_http_metrics? ( dev-libs/yajl:= )
+ nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+ nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+ nginx_modules_http_vod? ( media-video/ffmpeg:0= )
+ nginx_modules_stream_geoip? ( dev-libs/geoip )
+ nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+ app-misc/mime-types[nginx]
+ selinux? ( sec-policy/selinux-nginx )
+ !www-servers/nginx:0"
+DEPEND="${CDEPEND}
+ arm? ( dev-libs/libatomic_ops )
+ libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="
+ nginx_modules_http_brotli? ( virtual/pkgconfig )
+ test? (
+ dev-lang/perl
+ dev-perl/Cache-Memcached
+ dev-perl/Cache-Memcached-Fast
+ dev-perl/CryptX
+ dev-perl/FCGI
+ dev-perl/GD
+ dev-perl/Net-SSLeay
+ )"
+# Unpackaged perl modules which would be used by tests
+# Protocol::WebSocket
+# SCGI
+
+# Uwsgi doesn't start in tests
+# www-servers/uwsgi
+
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
+ nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+ nginx_modules_http_grpc? ( http2 )
+ nginx_modules_http_lua? (
+ ${LUA_REQUIRED_USE}
+ nginx_modules_http_rewrite
+ pcre
+ !pcre2
+ )
+ nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+ nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+ nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+ nginx_modules_http_security? ( pcre )
+ nginx_modules_http_push_stream? ( ssl )
+ nginx_modules_http_vod? ( threads )"
+
+pkg_setup() {
+ NGINX_HOME="/var/lib/nginx"
+ NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+ if use libatomic; then
+ ewarn "GCC 4.1+ features built-in atomic operations."
+ ewarn "Using libatomic_ops is only needed if using"
+ ewarn "a different compiler or a GCC prior to 4.1"
+ fi
+
+ if [[ -n $NGINX_ADD_MODULES ]]; then
+ ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+ ewarn "This nginx installation is not supported!"
+ ewarn "Make sure you can reproduce the bug without those modules"
+ ewarn "_before_ reporting bugs."
+ fi
+
+ if use !http; then
+ ewarn "To actually disable all http-functionality you also have to disable"
+ ewarn "all nginx http modules."
+ fi
+
+ if use nginx_modules_http_mogilefs && use threads; then
+ eerror "mogilefs won't compile with threads support."
+ eerror "Please disable either flag and try again."
+ die "Can't compile mogilefs with threads support"
+ fi
+
+ use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+ eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+ eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+ if use nginx_modules_http_auth_ldap; then
+ cd "${HTTP_LDAP_MODULE_WD}" || die
+ eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_javascript; then
+ cd "${NJS_MODULE_WD}" || die
+ sed -e 's/-Werror//g' -i auto/cc || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_sticky; then
+ cd "${HTTP_STICKY_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ cd "${HTTP_NAXSI_MODULE_WD}" || die
+ rm -r libinjection || die
+ mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_brotli; then
+ cd "${HTTP_BROTLI_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_upload_progress; then
+ cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+ eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_security ; then
+ cd "${HTTP_SECURITY_MODULE_WD}" || die
+ eapply "${FILESDIR}/http_security-nginx-1.26.2.patch"
+ cd "${S}" || die
+ fi
+
+ find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+ # We have config protection, don't rename etc files
+ sed -i 's:.default::' auto/install || die
+ # remove useless files
+ sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+ # don't install to /etc/nginx/ if not in use
+ local module
+ for module in fastcgi scgi uwsgi ; do
+ if ! use nginx_modules_http_${module}; then
+ sed -i -e "/${module}/d" auto/install || die
+ fi
+ done
+
+ eapply_user
+}
+
+src_configure() {
+ local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+ use aio && myconf+=( --with-file-aio )
+ use debug && myconf+=( --with-debug )
+ use http2 && myconf+=( --with-http_v2_module )
+ use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
+ use libatomic && myconf+=( --with-libatomic )
+ use pcre && myconf+=( --with-pcre --without-pcre2 )
+ use pcre-jit && myconf+=( --with-pcre-jit )
+ use threads && myconf+=( --with-threads )
+
+ # HTTP modules
+ for mod in $NGINX_MODULES_STD; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ else
+ myconf+=( --without-http_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_OPT; do
+ if use nginx_modules_http_${mod}; then
+ http_enabled=1
+ myconf+=( --with-http_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_http_fastcgi; then
+ myconf+=( --with-http_realip_module )
+ fi
+
+ # third-party modules
+ if use nginx_modules_http_upload_progress; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_headers_more; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_lua; then
+ http_enabled=1
+ export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+ export LUAJIT_INC=$(lua_get_include_dir)
+ myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+ myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_metrics; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_naxsi ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
+ fi
+
+ if use rtmp ; then
+ http_enabled=1
+ myconf+=( --add-module=${RTMP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_dav_ext ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_echo ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_security ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_push_stream ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_sticky ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_mogilefs ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_memc ; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_vhost_traffic_status; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+ myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+ fi
+
+ if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+ myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+ fi
+
+ if use nginx_modules_http_brotli; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+ fi
+
+ if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
+ http_enabled=1
+ fi
+
+ if use nginx_modules_http_vod; then
+ http_enabled=1
+ myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
+ fi
+
+ if [ $http_enabled ]; then
+ use http-cache || myconf+=( --without-http-cache )
+ use ssl && myconf+=( --with-http_ssl_module )
+ else
+ myconf+=( --without-http --without-http-cache )
+ fi
+
+ # Stream modules
+ for mod in $NGINX_MODULES_STREAM_STD; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ else
+ myconf+=( --without-stream_${mod}_module )
+ fi
+ done
+
+ for mod in $NGINX_MODULES_STREAM_OPT; do
+ if use nginx_modules_stream_${mod}; then
+ stream_enabled=1
+ myconf+=( --with-stream_${mod}_module )
+ fi
+ done
+
+ if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+ stream_enabled=1
+ fi
+
+ if [ $stream_enabled ]; then
+ myconf+=( --with-stream )
+ use ssl && myconf+=( --with-stream_ssl_module )
+ fi
+
+ # MAIL modules
+ for mod in $NGINX_MODULES_MAIL; do
+ if use nginx_modules_mail_${mod}; then
+ mail_enabled=1
+ else
+ myconf+=( --without-mail_${mod}_module )
+ fi
+ done
+
+ if [ $mail_enabled ]; then
+ myconf+=( --with-mail )
+ use ssl && myconf+=( --with-mail_ssl_module )
+ fi
+
+ # custom modules
+ for mod in $NGINX_ADD_MODULES; do
+ myconf+=( --add-module=${mod} )
+ done
+
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ tc-export AR CC
+
+ if ! use prefix; then
+ myconf+=( --user=${PN} )
+ myconf+=( --group=${PN} )
+ fi
+
+ if [[ -n "${EXTRA_ECONF}" ]]; then
+ myconf+=( ${EXTRA_ECONF} )
+ ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+ fi
+
+ ./configure \
+ --prefix="${EPREFIX}"/usr \
+ --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+ --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+ --pid-path="${EPREFIX}"/run/${PN}.pid \
+ --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+ --with-cc-opt="-I${ESYSROOT}/usr/include" \
+ --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+ --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+ --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+ --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+ --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+ --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+ --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+ --with-compat \
+ "${myconf[@]}" || die "configure failed"
+
+ # A purely cosmetic change that makes nginx -V more readable. This can be
+ # good if people outside the gentoo community would troubleshoot and
+ # question the users setup.
+ sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+ # https://bugs.gentoo.org/286772
+ export LANG=C LC_ALL=C
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+ newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+ newconfd "${FILESDIR}"/nginx.confd nginx
+
+ systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+ doman man/nginx.8
+ dodoc CHANGES* README
+
+ # just keepdir. do not copy the default htdocs files (bug #449136)
+ keepdir /var/www/localhost
+ rm -rf "${ED}"/usr/html || die
+
+ # set up a list of directories to keep
+ local keepdir_list="${NGINX_HOME_TMP}"/client
+ local module
+ for module in proxy fastcgi scgi uwsgi; do
+ use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+ done
+
+ keepdir /var/log/nginx ${keepdir_list}
+
+ # this solves a problem with SELinux where nginx doesn't see the directories
+ # as root and tries to create them as nginx
+ fperms 0750 "${NGINX_HOME_TMP}"
+ fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+ fperms 0700 ${keepdir_list}
+ fowners ${PN}:${PN} ${keepdir_list}
+
+ fperms 0710 /var/log/nginx
+ fowners 0:${PN} /var/log/nginx
+
+ # logrotate
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+ # Don't create /run
+ rm -rf "${ED}"/run || die
+
+ if use lua_single_target_luajit; then
+ pax-mark m "${ED}/usr/sbin/nginx"
+ fi
+
+ if use nginx_modules_http_perl; then
+ cd "${S}"/objs/src/http/modules/perl/ || die
+ emake DESTDIR="${D}" INSTALLDIRS=vendor
+ perl_delete_localpod
+ cd "${S}" || die
+ fi
+
+ if use nginx_modules_http_cache_purge; then
+ docinto ${HTTP_CACHE_PURGE_MODULE_P}
+ dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+ fi
+
+ if use nginx_modules_http_slowfs_cache; then
+ docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+ dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_fancyindex; then
+ docinto ${HTTP_FANCYINDEX_MODULE_P}
+ dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_lua; then
+ docinto ${HTTP_LUA_MODULE_P}
+ dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_pam; then
+ docinto ${HTTP_AUTH_PAM_MODULE_P}
+ dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+ fi
+
+ if use nginx_modules_http_upstream_check; then
+ docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+ dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+ fi
+
+ if use nginx_modules_http_naxsi; then
+ insinto /etc/nginx/naxsi
+ doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+ doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+ doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+ fi
+
+ if use rtmp; then
+ docinto ${RTMP_MODULE_P}
+ dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+ fi
+
+ if use nginx_modules_http_dav_ext; then
+ docinto ${HTTP_DAV_EXT_MODULE_P}
+ dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+ fi
+
+ if use nginx_modules_http_echo; then
+ docinto ${HTTP_ECHO_MODULE_P}
+ dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_security; then
+ docinto ${HTTP_SECURITY_MODULE_P}
+ dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+ fi
+
+ if use nginx_modules_http_push_stream; then
+ docinto ${HTTP_PUSH_STREAM_MODULE_P}
+ dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+ fi
+
+ if use nginx_modules_http_sticky; then
+ docinto ${HTTP_STICKY_MODULE_P}
+ dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+ fi
+
+ if use nginx_modules_http_memc; then
+ docinto ${HTTP_MEMC_MODULE_P}
+ dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+ fi
+
+ if use nginx_modules_http_auth_ldap; then
+ docinto ${HTTP_LDAP_MODULE_P}
+ dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+ fi
+
+ if use nginx_modules_http_vod; then
+ docinto ${HTTP_VOD_MODULE_P}
+ dodoc "${HTTP_VOD_MODULE_WD}"/{CHANGELOG,README}.md
+ fi
+}
+
+src_test() {
+ pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
+
+ # FIXME: unsure why uwsgi fails to start
+ rm uwsgi*.t || die
+
+ local -x TEST_NGINX_BINARY="${S}/objs/nginx"
+ local -x TEST_NGINX_VERBOSE=1
+
+ prove -v -j $(makeopts_jobs) . || die
+ popd > /dev/null || die
+}
+
+pkg_postinst() {
+ if use ssl; then
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ fi
+
+ if use nginx_modules_http_spdy; then
+ ewarn ""
+ ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+ ewarn "Update your configs and package.use accordingly."
+ fi
+
+ if use nginx_modules_http_lua; then
+ ewarn ""
+ ewarn "While you can build lua 3rd party module against ${P}"
+ ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+ ewarn "officially supported target yet. You are on your own."
+ ewarn "Expect runtime failures, memory leaks and other problems!"
+ fi
+
+ if use nginx_modules_http_lua && use http2; then
+ ewarn ""
+ ewarn "Lua 3rd party module author warns against using ${P} with"
+ ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+ fi
+
+ local _n_permission_layout_checks=0
+ local _has_to_adjust_permissions=0
+ local _has_to_show_permission_warning=0
+
+ # Defaults to 1 to inform people doing a fresh installation
+ # that we ship modified {scgi,uwsgi,fastcgi}_params files
+ local _has_to_show_httpoxy_mitigation_notice=1
+
+ local _replacing_version=
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+ if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+ # Should never happen:
+ # Package is abusing slots but doesn't allow multiple parallel installations.
+ # If we run into this situation it is unsafe to automatically adjust any
+ # permission...
+ _has_to_show_permission_warning=1
+
+ ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+ "You will have to adjust permissions on your own."
+
+ break
+ fi
+
+ local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+ debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+ # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+ # This was before we introduced multiple nginx versions so we
+ # do not need to distinguish between stable and mainline
+ local _need_to_fix_CVE2013_0337=1
+
+ if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+ # We are updating an installation which should already be fixed
+ _need_to_fix_CVE2013_0337=0
+ debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+ fi
+
+ # Do we need to inform about HTTPoxy mitigation?
+ # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.1-r2"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.3-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that the user has
+ # already seen the HTTPoxy mitigation notice because he/she is doing
+ # an update from previous version where we have already shown
+ # the warning. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation where we already informed
+ # that we are mitigating HTTPoxy per default
+ _has_to_show_httpoxy_mitigation_notice=0
+ debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+ else
+ _has_to_show_httpoxy_mitigation_notice=1
+ debug-print "Need to inform about HTTPoxy mitigation!"
+ fi
+ fi
+
+ # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+ # All branches up to 1.11 are affected
+ local _need_to_fix_CVE2016_1247=1
+
+ if ver_test ${_replacing_version_branch} -lt 1.10; then
+ # Updating from <1.10
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ else
+ # Updating from >=1.10
+ local _fixed_in_pvr=
+ case "${_replacing_version_branch}" in
+ "1.10")
+ _fixed_in_pvr="1.10.2-r3"
+ ;;
+ "1.11")
+ _fixed_in_pvr="1.11.6-r1"
+ ;;
+ *)
+ # This should be any future branch.
+ # If we run this code it is safe to assume that we have already
+ # adjusted permissions or were never affected because user is
+ # doing an update from previous version which was safe or did
+ # the adjustments. Otherwise, we wouldn't hit this code path ...
+ _fixed_in_pvr=
+ esac
+
+ if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+ # We are updating an installation which should already be adjusted
+ # or which was never affected
+ _need_to_fix_CVE2016_1247=0
+ debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+ else
+ _has_to_adjust_permissions=1
+ debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+ fi
+ fi
+ done
+
+ if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+ # We do not DIE when chmod/chown commands are failing because
+ # package is already merged on user's system at this stage
+ # and we cannot retry without losing the information that
+ # the existing installation needs to adjust permissions.
+ # Instead we are going to a show a big warning ...
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The world-readable bit (if set) has been removed from the"
+ ewarn "following directories to mitigate a security bug"
+ ewarn "(CVE-2013-0337, bug #458726):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+ chmod o-rwx \
+ "${EPREFIX}"/var/log/nginx \
+ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+ _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+ ewarn ""
+ ewarn "The permissions on the following directory have been reset in"
+ ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Check if this is correct for your setup before restarting nginx!"
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+ fi
+
+ if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+ # Should never happen ...
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "The one-time only attempt to adjust permissions of the"
+ ewarn "existing nginx installation failed. Be aware that we will not"
+ ewarn "try to adjust the same permissions again because now you are"
+ ewarn "using a nginx version where we expect that the permissions"
+ ewarn "are already adjusted or that you know what you are doing and"
+ ewarn "want to keep custom permissions."
+ ewarn ""
+ fi
+ fi
+
+ # Sanity check for CVE-2016-1247
+ # Required to warn users who received the warning above and thought
+ # they could fix it by unmerging and re-merging the package or have
+ # unmerged a affected installation on purpose in the past leaving
+ # /var/log/nginx on their system due to keepdir/non-empty folder
+ # and are now installing the package again.
+ local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+ su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+ if [ $? -eq 0 ] ; then
+ # Cleanup -- no reason to die here!
+ rm -f "${_sanity_check_testfile}"
+
+ ewarn ""
+ ewarn "*************************************************************"
+ ewarn "*************** W A R N I N G ***************"
+ ewarn "*************************************************************"
+ ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+ ewarn "(bug #605008) because nginx user is able to create files in"
+ ewarn ""
+ ewarn " ${EPREFIX}/var/log/nginx"
+ ewarn ""
+ ewarn "Also ensure that no other log directory used by any of your"
+ ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+ ewarn "used by nginx can be abused to escalate privileges!"
+ fi
+
+ if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+ # HTTPoxy mitigation
+ ewarn ""
+ ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+ ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+ ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+ ewarn "are sourcing one of the default"
+ ewarn ""
+ ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
+ ewarn " - 'scgi_params'"
+ ewarn " - 'uwsgi_params'"
+ ewarn ""
+ ewarn "files in your server block(s)."
+ ewarn ""
+ ewarn "If this is causing any problems for you make sure that you are sourcing the"
+ ewarn "default parameters _before_ you set your own values."
+ ewarn "If you are relying on user-supplied proxy values you have to remove the"
+ ewarn "correlating lines from the file(s) mentioned above."
+ ewarn ""
+ fi
+}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-10-05 23:00 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-10-05 23:00 UTC (permalink / raw
To: gentoo-commits
commit: f2eb44df22851b5c1714b6be5ab0e876cd44303c
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 5 22:53:03 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Oct 5 22:58:04 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2eb44df
www-servers/nginx: drop 1.27.1-r2
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 1 -
www-servers/nginx/nginx-1.27.1-r2.ebuild | 1138 ------------------------------
2 files changed, 1139 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9d33a0983839..f939ee268f12 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
DIST nginx-1.26.2.tar.gz 1244789 BLAKE2B f054deb47bf21bf963fedc8f980d29c92325bbfcb39c5a2cc67cce15add32036f0b771c7abac018ded6354a0df0850ed5843d26e0cf5d9577b70ca3fa89a206c SHA512 470efe9ae5d6150ecbf133979c6c36415679a2156499a3b6820a85eb8f3038a8aa06f7b28ddd834cffb0e982f3ddc89e4b1649d536eba4f84019a72d4cfa3539
-DIST nginx-1.27.1.tar.gz 1245244 BLAKE2B d31dac0ced22604a3e8d3b054b3fe560aef4e29b56346466e09e39316ce21ff4b107233a50e58d20419551fd8b9cc530f855445efd88b8497b492676e10de3d8 SHA512 9bbdfcd7b9524f48e96b2ce6cc74bab20242885f208d1ad4117336a24642f3355d1c379e6041a4c341e31fb15faea39fc4410b6523164e3179594bbfb5fc35f5
DIST nginx-1.27.2.tar.gz 1258098 BLAKE2B f3a68e0f5f89cdbae2f79dc71ecf9074cf39bbee114c3bdc59892baec54eb44fc4fdb1e0aa7f3f688ae28386a2371d2301fa12fba93e4a08ed05ebfd3d481952 SHA512 5e2e0ccba596c5fa67571095e7c9b34e0a8a44f12d72c5cc714360926a192a09810e08f653b16112b5a3223e8cddc5a61f9f8dba026fb0854ec7a0d440666cf2
DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
DIST nginx-tests-0b5ec15c62ed.tar.gz 282652 BLAKE2B af41397f88f7aa969749c6dd9a77c58d1835bca24fe764dd0af328d621817f5fb89b3f5b5c0fbd1e7db53d51365e9098b020005e27a531649bd8a51a05b3cbb0 SHA512 c376d23c7001c5203428b664c388e97956cdda8365eb7df57db0da5146d0806f5c35cd1352260d6803d55542f46a90da4a604ebf971055caa77dd6106930558e
diff --git a/www-servers/nginx/nginx-1.27.1-r2.ebuild b/www-servers/nginx/nginx-1.27.1-r2.ebuild
deleted file mode 100644
index bfc1a4a791b6..000000000000
--- a/www-servers/nginx/nginx-1.27.1-r2.ebuild
+++ /dev/null
@@ -1,1138 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-# * alive upstream
-# * sane packaging
-# * builds cleanly
-# * does not need a patch for nginx core
-# - Update NGINX_TESTS_REV to the current available revision and run tests.
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.1"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="1.0.0rc"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.34"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.25"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-LUA_COMPAT=( luajit )
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.2"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/liquidm/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
-HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
-HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
-HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.2"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.63"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
-HTTP_SECURITY_MODULE_PV="1.0.3"
-HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# nginx-vod-module (https://github.com/kaltura/nginx-vod-module, AGPL-3+)
-HTTP_VOD_MODULE_PV="1.33"
-HTTP_VOD_MODULE_P="nginx-vod-module-${HTTP_VOD_MODULE_PV}"
-HTTP_VOD_MODULE_URI="https://github.com/kaltura/nginx-vod-module/archive/${HTTP_VOD_MODULE_PV}.tar.gz"
-HTTP_VOD_MODULE_WD="${WORKDIR}/nginx-vod-module-${HTTP_VOD_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.4"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# nginx-tests (http://hg.nginx.org/nginx-tests, BSD-2)
-NGINX_TESTS_REV="0b5ec15c62ed"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools lua-single multiprocessing ssl-cert toolchain-funcs perl-module systemd pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
- ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
- nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
- nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
- nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
- nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
- nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
- nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
- nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
- nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
- nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
- nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
- nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
- nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
- nginx_modules_http_naxsi? (
- ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
- ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
- )
- nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
- nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
- nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
- nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
- nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
- nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
- nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
- nginx_modules_http_vod? ( ${HTTP_VOD_MODULE_URI} -> ${HTTP_VOD_MODULE_P}.tar.gz )
- nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
- nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
- rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
- test? ( https://hg.nginx.org/nginx-tests/archive/${NGINX_TESTS_REV}.tar.gz -> nginx-tests-${NGINX_TESTS_REV}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
- nginx_modules_http_security? ( Apache-2.0 )
- nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
-
-RESTRICT="!test? ( test )"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
- fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
- proxy referer rewrite scgi ssi split_clients upstream_hash
- upstream_ip_hash upstream_keepalive upstream_least_conn
- upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
- gzip_static image_filter mp4 perl random_index realip secure_link
- slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
- upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
- http_auth_ldap
- http_auth_pam
- http_brotli
- http_cache_purge
- http_dav_ext
- http_echo
- http_fancyindex
- http_geoip2
- http_headers_more
- http_javascript
- http_lua
- http_memc
- http_metrics
- http_mogilefs
- http_naxsi
- http_push_stream
- http_security
- http_slowfs_cache
- http_sticky
- http_upload_progress
- http_upstream_check
- http_vhost_traffic_status
- http_vod
- stream_geoip2
- stream_javascript
-"
-
-IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl test threads vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
- IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
- IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
- IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
- IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
- IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
- acct-group/nginx
- acct-user/nginx
- virtual/libcrypt:=
- pcre? ( dev-libs/libpcre:= )
- pcre2? ( dev-libs/libpcre2:= )
- pcre-jit? ( dev-libs/libpcre:=[jit] )
- ssl? (
- dev-libs/openssl:0=
- )
- http2? (
- >=dev-libs/openssl-1.0.1c:0=
- )
- http-cache? (
- dev-libs/openssl:0=
- )
- ktls? (
- >=dev-libs/openssl-3:0=[ktls]
- )
- nginx_modules_http_brotli? ( app-arch/brotli:= )
- nginx_modules_http_geoip? ( dev-libs/geoip )
- nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
- nginx_modules_http_gunzip? ( sys-libs/zlib )
- nginx_modules_http_gzip? ( sys-libs/zlib )
- nginx_modules_http_gzip_static? ( sys-libs/zlib )
- nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
- nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
- nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
- nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
- nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
- nginx_modules_http_lua? ( ${LUA_DEPS} )
- nginx_modules_http_auth_pam? ( sys-libs/pam )
- nginx_modules_http_metrics? ( dev-libs/yajl:= )
- nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
- nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
- nginx_modules_http_vod? ( media-video/ffmpeg:0= )
- nginx_modules_stream_geoip? ( dev-libs/geoip )
- nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
- app-misc/mime-types[nginx]
- selinux? ( sec-policy/selinux-nginx )
- !www-servers/nginx:0"
-DEPEND="${CDEPEND}
- arm? ( dev-libs/libatomic_ops )
- libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="
- nginx_modules_http_brotli? ( virtual/pkgconfig )
- test? (
- dev-lang/perl
- dev-perl/Cache-Memcached
- dev-perl/Cache-Memcached-Fast
- dev-perl/CryptX
- dev-perl/FCGI
- dev-perl/GD
- dev-perl/Net-SSLeay
- )"
-# Unpackaged perl modules which would be used by tests
-# Protocol::WebSocket
-# SCGI
-
-# Uwsgi doesn't start in tests
-# www-servers/uwsgi
-
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
- ktls? ( ssl )
- nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
- nginx_modules_http_grpc? ( http2 )
- nginx_modules_http_lua? (
- ${LUA_REQUIRED_USE}
- nginx_modules_http_rewrite
- pcre
- !pcre2
- )
- nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
- nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
- nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
- nginx_modules_http_security? ( pcre )
- nginx_modules_http_push_stream? ( ssl )
- nginx_modules_http_vod? ( threads )"
-
-pkg_setup() {
- NGINX_HOME="/var/lib/nginx"
- NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
- if use libatomic; then
- ewarn "GCC 4.1+ features built-in atomic operations."
- ewarn "Using libatomic_ops is only needed if using"
- ewarn "a different compiler or a GCC prior to 4.1"
- fi
-
- if [[ -n $NGINX_ADD_MODULES ]]; then
- ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
- ewarn "This nginx installation is not supported!"
- ewarn "Make sure you can reproduce the bug without those modules"
- ewarn "_before_ reporting bugs."
- fi
-
- if use !http; then
- ewarn "To actually disable all http-functionality you also have to disable"
- ewarn "all nginx http modules."
- fi
-
- if use nginx_modules_http_mogilefs && use threads; then
- eerror "mogilefs won't compile with threads support."
- eerror "Please disable either flag and try again."
- die "Can't compile mogilefs with threads support"
- fi
-
- use nginx_modules_http_lua && lua-single_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
- eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
- if use nginx_modules_http_auth_ldap; then
- cd "${HTTP_LDAP_MODULE_WD}" || die
- eapply "${FILESDIR}/${PN}-1.23.2-mod_auth_ldap-fix.patch"
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_javascript; then
- cd "${NJS_MODULE_WD}" || die
- sed -e 's/-Werror//g' -i auto/cc || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_sticky; then
- cd "${HTTP_STICKY_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_naxsi; then
- cd "${HTTP_NAXSI_MODULE_WD}" || die
- rm -r libinjection || die
- mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_brotli; then
- cd "${HTTP_BROTLI_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upstream_check; then
- eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
- fi
-
- if use nginx_modules_http_cache_purge; then
- cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_upload_progress; then
- cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
- eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_security ; then
- cd "${HTTP_SECURITY_MODULE_WD}" || die
- eapply "${FILESDIR}/http_security-nginx-1.26.2.patch"
- cd "${S}" || die
- fi
-
- find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
- # We have config protection, don't rename etc files
- sed -i 's:.default::' auto/install || die
- # remove useless files
- sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
- # don't install to /etc/nginx/ if not in use
- local module
- for module in fastcgi scgi uwsgi ; do
- if ! use nginx_modules_http_${module}; then
- sed -i -e "/${module}/d" auto/install || die
- fi
- done
-
- eapply_user
-}
-
-src_configure() {
- local myconf=() http_enabled= mail_enabled= stream_enabled=
-
- use aio && myconf+=( --with-file-aio )
- use debug && myconf+=( --with-debug )
- use http2 && myconf+=( --with-http_v2_module )
- use http3 && myconf+=( --with-http_v3_module )
- use ktls && myconf+=( --with-openssl-opt=enable-ktls )
- use libatomic && myconf+=( --with-libatomic )
- use pcre && myconf+=( --with-pcre --without-pcre2 )
- use pcre-jit && myconf+=( --with-pcre-jit )
- use threads && myconf+=( --with-threads )
-
- # HTTP modules
- for mod in $NGINX_MODULES_STD; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- else
- myconf+=( --without-http_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_OPT; do
- if use nginx_modules_http_${mod}; then
- http_enabled=1
- myconf+=( --with-http_${mod}_module )
- fi
- done
-
- if use nginx_modules_http_fastcgi; then
- myconf+=( --with-http_realip_module )
- fi
-
- # third-party modules
- if use nginx_modules_http_upload_progress; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_headers_more; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_cache_purge; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
- fi
-
- if use nginx_modules_http_fancyindex; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
- fi
-
- if use nginx_modules_http_lua; then
- http_enabled=1
- export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
- export LUAJIT_INC=$(lua_get_include_dir)
- myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
- myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_pam; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_upstream_check; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
- fi
-
- if use nginx_modules_http_metrics; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_naxsi ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
- fi
-
- if use rtmp ; then
- http_enabled=1
- myconf+=( --add-module=${RTMP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_dav_ext ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
- fi
-
- if use nginx_modules_http_echo ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
- fi
-
- if use nginx_modules_http_security ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_push_stream ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
- fi
-
- if use nginx_modules_http_sticky ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
- fi
-
- if use nginx_modules_http_mogilefs ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_memc ; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
- fi
-
- if use nginx_modules_http_auth_ldap; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
- fi
-
- if use nginx_modules_http_vhost_traffic_status; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
- fi
-
- if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
- myconf+=( --add-module=${GEOIP2_MODULE_WD} )
- fi
-
- if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
- myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
- fi
-
- if use nginx_modules_http_brotli; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
- fi
-
- if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then
- http_enabled=1
- fi
-
- if use nginx_modules_http_vod; then
- http_enabled=1
- myconf+=( --add-module=${HTTP_VOD_MODULE_WD} )
- fi
-
- if [ $http_enabled ]; then
- use http-cache || myconf+=( --without-http-cache )
- use ssl && myconf+=( --with-http_ssl_module )
- else
- myconf+=( --without-http --without-http-cache )
- fi
-
- # Stream modules
- for mod in $NGINX_MODULES_STREAM_STD; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- else
- myconf+=( --without-stream_${mod}_module )
- fi
- done
-
- for mod in $NGINX_MODULES_STREAM_OPT; do
- if use nginx_modules_stream_${mod}; then
- stream_enabled=1
- myconf+=( --with-stream_${mod}_module )
- fi
- done
-
- if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
- stream_enabled=1
- fi
-
- if [ $stream_enabled ]; then
- myconf+=( --with-stream )
- use ssl && myconf+=( --with-stream_ssl_module )
- fi
-
- # MAIL modules
- for mod in $NGINX_MODULES_MAIL; do
- if use nginx_modules_mail_${mod}; then
- mail_enabled=1
- else
- myconf+=( --without-mail_${mod}_module )
- fi
- done
-
- if [ $mail_enabled ]; then
- myconf+=( --with-mail )
- use ssl && myconf+=( --with-mail_ssl_module )
- fi
-
- # custom modules
- for mod in $NGINX_ADD_MODULES; do
- myconf+=( --add-module=${mod} )
- done
-
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- tc-export AR CC
-
- if ! use prefix; then
- myconf+=( --user=${PN} )
- myconf+=( --group=${PN} )
- fi
-
- if [[ -n "${EXTRA_ECONF}" ]]; then
- myconf+=( ${EXTRA_ECONF} )
- ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
- fi
-
- ./configure \
- --prefix="${EPREFIX}"/usr \
- --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
- --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
- --pid-path="${EPREFIX}"/run/${PN}.pid \
- --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
- --with-cc-opt="-I${ESYSROOT}/usr/include" \
- --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
- --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
- --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
- --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
- --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
- --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
- --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
- --with-compat \
- "${myconf[@]}" || die "configure failed"
-
- # A purely cosmetic change that makes nginx -V more readable. This can be
- # good if people outside the gentoo community would troubleshoot and
- # question the users setup.
- sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
- # https://bugs.gentoo.org/286772
- export LANG=C LC_ALL=C
- emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
-
- newinitd "${FILESDIR}"/nginx.initd-r4 nginx
- newconfd "${FILESDIR}"/nginx.confd nginx
-
- systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
- doman man/nginx.8
- dodoc CHANGES* README
-
- # just keepdir. do not copy the default htdocs files (bug #449136)
- keepdir /var/www/localhost
- rm -rf "${ED}"/usr/html || die
-
- # set up a list of directories to keep
- local keepdir_list="${NGINX_HOME_TMP}"/client
- local module
- for module in proxy fastcgi scgi uwsgi; do
- use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
- done
-
- keepdir /var/log/nginx ${keepdir_list}
-
- # this solves a problem with SELinux where nginx doesn't see the directories
- # as root and tries to create them as nginx
- fperms 0750 "${NGINX_HOME_TMP}"
- fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
- fperms 0700 ${keepdir_list}
- fowners ${PN}:${PN} ${keepdir_list}
-
- fperms 0710 /var/log/nginx
- fowners 0:${PN} /var/log/nginx
-
- # logrotate
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
- # Don't create /run
- rm -rf "${ED}"/run || die
-
- if use lua_single_target_luajit; then
- pax-mark m "${ED}/usr/sbin/nginx"
- fi
-
- if use nginx_modules_http_perl; then
- cd "${S}"/objs/src/http/modules/perl/ || die
- emake DESTDIR="${D}" INSTALLDIRS=vendor
- perl_delete_localpod
- cd "${S}" || die
- fi
-
- if use nginx_modules_http_cache_purge; then
- docinto ${HTTP_CACHE_PURGE_MODULE_P}
- dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
- fi
-
- if use nginx_modules_http_slowfs_cache; then
- docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
- dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
- fi
-
- if use nginx_modules_http_fancyindex; then
- docinto ${HTTP_FANCYINDEX_MODULE_P}
- dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_lua; then
- docinto ${HTTP_LUA_MODULE_P}
- dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_pam; then
- docinto ${HTTP_AUTH_PAM_MODULE_P}
- dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
- fi
-
- if use nginx_modules_http_upstream_check; then
- docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
- dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
- fi
-
- if use nginx_modules_http_naxsi; then
- insinto /etc/nginx/naxsi
- doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
- doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
- doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
- fi
-
- if use rtmp; then
- docinto ${RTMP_MODULE_P}
- dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
- fi
-
- if use nginx_modules_http_dav_ext; then
- docinto ${HTTP_DAV_EXT_MODULE_P}
- dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
- fi
-
- if use nginx_modules_http_echo; then
- docinto ${HTTP_ECHO_MODULE_P}
- dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_security; then
- docinto ${HTTP_SECURITY_MODULE_P}
- dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
- fi
-
- if use nginx_modules_http_push_stream; then
- docinto ${HTTP_PUSH_STREAM_MODULE_P}
- dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
- fi
-
- if use nginx_modules_http_sticky; then
- docinto ${HTTP_STICKY_MODULE_P}
- dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
- fi
-
- if use nginx_modules_http_memc; then
- docinto ${HTTP_MEMC_MODULE_P}
- dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
- fi
-
- if use nginx_modules_http_auth_ldap; then
- docinto ${HTTP_LDAP_MODULE_P}
- dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
- fi
-
- if use nginx_modules_http_vod; then
- docinto ${HTTP_VOD_MODULE_P}
- dodoc "${HTTP_VOD_MODULE_WD}"/{CHANGELOG,README}.md
- fi
-}
-
-src_test() {
- pushd "${WORKDIR}"/nginx-tests-"${NGINX_TESTS_REV}" > /dev/null || die
-
- # FIXME: unsure why uwsgi fails to start
- rm uwsgi*.t || die
-
- local -x TEST_NGINX_BINARY="${S}/objs/nginx"
- local -x TEST_NGINX_VERBOSE=1
-
- prove -v -j $(makeopts_jobs) . || die
- popd > /dev/null || die
-}
-
-pkg_postinst() {
- if use ssl; then
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
- install_cert /etc/ssl/${PN}/${PN}
- use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
- fi
- fi
-
- if use nginx_modules_http_spdy; then
- ewarn ""
- ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
- ewarn "Update your configs and package.use accordingly."
- fi
-
- if use nginx_modules_http_lua; then
- ewarn ""
- ewarn "While you can build lua 3rd party module against ${P}"
- ewarn "the author warns that >=${PN}-1.11.11 is still not an"
- ewarn "officially supported target yet. You are on your own."
- ewarn "Expect runtime failures, memory leaks and other problems!"
- fi
-
- if use nginx_modules_http_lua && use http2; then
- ewarn ""
- ewarn "Lua 3rd party module author warns against using ${P} with"
- ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
- fi
-
- local _n_permission_layout_checks=0
- local _has_to_adjust_permissions=0
- local _has_to_show_permission_warning=0
-
- # Defaults to 1 to inform people doing a fresh installation
- # that we ship modified {scgi,uwsgi,fastcgi}_params files
- local _has_to_show_httpoxy_mitigation_notice=1
-
- local _replacing_version=
- for _replacing_version in ${REPLACING_VERSIONS}; do
- _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
- if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
- # Should never happen:
- # Package is abusing slots but doesn't allow multiple parallel installations.
- # If we run into this situation it is unsafe to automatically adjust any
- # permission...
- _has_to_show_permission_warning=1
-
- ewarn "Replacing multiple ${PN}' versions is unsupported! " \
- "You will have to adjust permissions on your own."
-
- break
- fi
-
- local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
- debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
- # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
- # This was before we introduced multiple nginx versions so we
- # do not need to distinguish between stable and mainline
- local _need_to_fix_CVE2013_0337=1
-
- if ver_test ${_replacing_version} -ge 1.4.1-r2; then
- # We are updating an installation which should already be fixed
- _need_to_fix_CVE2013_0337=0
- debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2013-0337!"
- fi
-
- # Do we need to inform about HTTPoxy mitigation?
- # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.1-r2"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.3-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that the user has
- # already seen the HTTPoxy mitigation notice because he/she is doing
- # an update from previous version where we have already shown
- # the warning. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation where we already informed
- # that we are mitigating HTTPoxy per default
- _has_to_show_httpoxy_mitigation_notice=0
- debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
- else
- _has_to_show_httpoxy_mitigation_notice=1
- debug-print "Need to inform about HTTPoxy mitigation!"
- fi
- fi
-
- # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
- # All branches up to 1.11 are affected
- local _need_to_fix_CVE2016_1247=1
-
- if ver_test ${_replacing_version_branch} -lt 1.10; then
- # Updating from <1.10
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- else
- # Updating from >=1.10
- local _fixed_in_pvr=
- case "${_replacing_version_branch}" in
- "1.10")
- _fixed_in_pvr="1.10.2-r3"
- ;;
- "1.11")
- _fixed_in_pvr="1.11.6-r1"
- ;;
- *)
- # This should be any future branch.
- # If we run this code it is safe to assume that we have already
- # adjusted permissions or were never affected because user is
- # doing an update from previous version which was safe or did
- # the adjustments. Otherwise, we wouldn't hit this code path ...
- _fixed_in_pvr=
- esac
-
- if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
- # We are updating an installation which should already be adjusted
- # or which was never affected
- _need_to_fix_CVE2016_1247=0
- debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
- else
- _has_to_adjust_permissions=1
- debug-print "Need to adjust permissions to fix CVE-2016-1247!"
- fi
- fi
- done
-
- if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
- # We do not DIE when chmod/chown commands are failing because
- # package is already merged on user's system at this stage
- # and we cannot retry without losing the information that
- # the existing installation needs to adjust permissions.
- # Instead we are going to a show a big warning ...
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
- ewarn ""
- ewarn "The world-readable bit (if set) has been removed from the"
- ewarn "following directories to mitigate a security bug"
- ewarn "(CVE-2013-0337, bug #458726):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
- chmod o-rwx \
- "${EPREFIX}"/var/log/nginx \
- "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
- _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
- ewarn ""
- ewarn "The permissions on the following directory have been reset in"
- ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Check if this is correct for your setup before restarting nginx!"
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- ewarn "This is a one-time change and will not happen on subsequent updates."
- chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
- fi
-
- if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
- # Should never happen ...
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "The one-time only attempt to adjust permissions of the"
- ewarn "existing nginx installation failed. Be aware that we will not"
- ewarn "try to adjust the same permissions again because now you are"
- ewarn "using a nginx version where we expect that the permissions"
- ewarn "are already adjusted or that you know what you are doing and"
- ewarn "want to keep custom permissions."
- ewarn ""
- fi
- fi
-
- # Sanity check for CVE-2016-1247
- # Required to warn users who received the warning above and thought
- # they could fix it by unmerging and re-merging the package or have
- # unmerged a affected installation on purpose in the past leaving
- # /var/log/nginx on their system due to keepdir/non-empty folder
- # and are now installing the package again.
- local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
- su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
- if [ $? -eq 0 ] ; then
- # Cleanup -- no reason to die here!
- rm -f "${_sanity_check_testfile}"
-
- ewarn ""
- ewarn "*************************************************************"
- ewarn "*************** W A R N I N G ***************"
- ewarn "*************************************************************"
- ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
- ewarn "(bug #605008) because nginx user is able to create files in"
- ewarn ""
- ewarn " ${EPREFIX}/var/log/nginx"
- ewarn ""
- ewarn "Also ensure that no other log directory used by any of your"
- ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
- ewarn "used by nginx can be abused to escalate privileges!"
- fi
-
- if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
- # HTTPoxy mitigation
- ewarn ""
- ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
- ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
- ewarn "the HTTP_PROXY parameter to an empty string per default when you"
- ewarn "are sourcing one of the default"
- ewarn ""
- ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
- ewarn " - 'scgi_params'"
- ewarn " - 'uwsgi_params'"
- ewarn ""
- ewarn "files in your server block(s)."
- ewarn ""
- ewarn "If this is causing any problems for you make sure that you are sourcing the"
- ewarn "default parameters _before_ you set your own values."
- ewarn "If you are relying on user-supplied proxy values you have to remove the"
- ewarn "correlating lines from the file(s) mentioned above."
- ewarn ""
- fi
-}
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-10-06 5:13 Patrick Lauer
0 siblings, 0 replies; 277+ messages in thread
From: Patrick Lauer @ 2024-10-06 5:13 UTC (permalink / raw
To: gentoo-commits
commit: 7bb39d881956dd090b6f57cba1c614b65057b370
Author: Patrick Lauer <patrick <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 6 05:13:07 2024 +0000
Commit: Patrick Lauer <patrick <AT> gentoo <DOT> org>
CommitDate: Sun Oct 6 05:13:07 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bb39d88
www-servers/nginx: Fix src_install
README is now .md
Signed-off-by: Patrick Lauer <patrick <AT> gentoo.org>
www-servers/nginx/nginx-1.27.2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www-servers/nginx/nginx-1.27.2.ebuild b/www-servers/nginx/nginx-1.27.2.ebuild
index 922754bbbec8..7588c9071150 100644
--- a/www-servers/nginx/nginx-1.27.2.ebuild
+++ b/www-servers/nginx/nginx-1.27.2.ebuild
@@ -746,7 +746,7 @@ src_install() {
systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
doman man/nginx.8
- dodoc CHANGES* README
+ dodoc CHANGES* README.md
# just keepdir. do not copy the default htdocs files (bug #449136)
keepdir /var/www/localhost
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-10-21 12:42 Joonas Niilola
0 siblings, 0 replies; 277+ messages in thread
From: Joonas Niilola @ 2024-10-21 12:42 UTC (permalink / raw
To: gentoo-commits
commit: 12b0ea77e4758351cc3d8980ebbca2109464cd37
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 21 12:42:12 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Oct 21 12:42:12 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12b0ea77
www-servers/nginx: add subslot binder to dev-libs/modsecurity
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
www-servers/nginx/{nginx-1.26.2-r4.ebuild => nginx-1.26.2-r5.ebuild} | 2 +-
www-servers/nginx/{nginx-1.27.2-r1.ebuild => nginx-1.27.2-r2.ebuild} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/www-servers/nginx/nginx-1.26.2-r4.ebuild b/www-servers/nginx/nginx-1.26.2-r5.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.26.2-r4.ebuild
rename to www-servers/nginx/nginx-1.26.2-r5.ebuild
index df9a7fc03956..c9f2c6dbf710 100644
--- a/www-servers/nginx/nginx-1.26.2-r4.ebuild
+++ b/www-servers/nginx/nginx-1.26.2-r5.ebuild
@@ -328,7 +328,7 @@ CDEPEND="
nginx_modules_http_auth_pam? ( sys-libs/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_security? ( dev-libs/modsecurity:= )
nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_http_vod? ( media-video/ffmpeg:0= )
nginx_modules_stream_geoip? ( dev-libs/geoip )
diff --git a/www-servers/nginx/nginx-1.27.2-r1.ebuild b/www-servers/nginx/nginx-1.27.2-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.27.2-r1.ebuild
rename to www-servers/nginx/nginx-1.27.2-r2.ebuild
index 1a85e9d9c4ec..aae446c4bf6a 100644
--- a/www-servers/nginx/nginx-1.27.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.27.2-r2.ebuild
@@ -328,7 +328,7 @@ CDEPEND="
nginx_modules_http_auth_pam? ( sys-libs/pam )
nginx_modules_http_metrics? ( dev-libs/yajl:= )
nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
- nginx_modules_http_security? ( dev-libs/modsecurity )
+ nginx_modules_http_security? ( dev-libs/modsecurity:= )
nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
nginx_modules_http_vod? ( media-video/ffmpeg:0= )
nginx_modules_stream_geoip? ( dev-libs/geoip )
^ permalink raw reply related [flat|nested] 277+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
@ 2024-10-22 22:31 Conrad Kostecki
0 siblings, 0 replies; 277+ messages in thread
From: Conrad Kostecki @ 2024-10-22 22:31 UTC (permalink / raw
To: gentoo-commits
commit: 48d21dd18d38564b018568acba34278a4624f6e4
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 22 22:30:49 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Oct 22 22:30:49 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48d21dd1
www-servers/nginx: update to njs-0.8.7
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
www-servers/nginx/Manifest | 2 +-
www-servers/nginx/{nginx-1.26.2-r5.ebuild => nginx-1.26.2-r6.ebuild} | 2 +-
www-servers/nginx/{nginx-1.27.2-r2.ebuild => nginx-1.27.2-r3.ebuild} | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a1a8b28e0e2b..2a7437985c74 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,4 +26,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
-DIST njs-0.8.6.tar.gz 879028 BLAKE2B cd6ef50feeeeeb66ac927a9373bac9612e1bd47ec1a6bf4115feac0c15f2e67a1970c19b1bc0fa751395b98eda303dc91547bffde648958935cca4ed531a0728 SHA512 418fb54cf4924a38a1cde661432e9432853a643289c299c347aa9e9b393013e504ea4f15698c885ecde7e7ccb249c51b6b1c2bab96024f82b9acb271d2d4acb9
+DIST njs-0.8.7.tar.gz 880217 BLAKE2B 4830398570430c038ab8c8225b1140978ae85dfaa575921bc74b8f0024c1f268348626d9b068a5748c0b54e0beda7eb88852610c14392f2bc0633a173e6b2350 SHA512 6a31d73c458bd5a21d1d1ba3eb4a8922cb3dd9ed900c91a76964203ee1418e4694b017e97272361710da9260412bfc1d4d45290d3488ae87983a0d4a6b0916e8
diff --git a/www-servers/nginx/nginx-1.26.2-r5.ebuild b/www-servers/nginx/nginx-1.26.2-r6.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.26.2-r5.ebuild
rename to www-servers/nginx/nginx-1.26.2-r6.ebuild
index c9f2c6dbf710..90c9be443f89 100644
--- a/www-servers/nginx/nginx-1.26.2-r5.ebuild
+++ b/www-servers/nginx/nginx-1.26.2-r6.ebuild
@@ -166,7 +166,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.6"
+NJS_MODULE_PV="0.8.7"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
diff --git a/www-servers/nginx/nginx-1.27.2-r2.ebuild b/www-servers/nginx/nginx-1.27.2-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.27.2-r2.ebuild
rename to www-servers/nginx/nginx-1.27.2-r3.ebuild
index aae446c4bf6a..3a072604cbfa 100644
--- a/www-servers/nginx/nginx-1.27.2-r2.ebuild
+++ b/www-servers/nginx/nginx-1.27.2-r3.ebuild
@@ -166,7 +166,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.8.6"
+NJS_MODULE_PV="0.8.7"
NJS_MODULE_P="njs-${NJS_MODULE_PV}"
NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
^ permalink raw reply related [flat|nested] 277+ messages in thread
end of thread, other threads:[~2024-10-22 22:31 UTC | newest]
Thread overview: 277+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-26 16:41 [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/ Thomas Deutschmann
-- strict thread matches above, loose matches on Subject: below --
2024-10-22 22:31 Conrad Kostecki
2024-10-21 12:42 Joonas Niilola
2024-10-06 5:13 Patrick Lauer
2024-10-05 23:00 Conrad Kostecki
2024-10-05 23:00 Conrad Kostecki
2024-10-05 23:00 Conrad Kostecki
2024-08-30 7:50 Joonas Niilola
2024-08-15 20:43 Conrad Kostecki
2024-06-27 15:40 Conrad Kostecki
2024-05-30 6:54 Conrad Kostecki
2024-05-30 2:09 Sam James
2024-05-30 2:09 Sam James
2024-05-30 0:05 Sam James
2024-05-30 0:05 Sam James
2024-05-29 22:58 Conrad Kostecki
2024-05-29 22:58 Conrad Kostecki
2024-05-29 22:58 Conrad Kostecki
2024-05-24 2:46 Ionen Wolkens
2024-04-24 12:42 Conrad Kostecki
2024-04-24 12:42 Conrad Kostecki
2024-04-24 12:42 Conrad Kostecki
2024-04-23 22:47 Conrad Kostecki
2024-04-23 22:47 Conrad Kostecki
2024-04-23 22:47 Conrad Kostecki
2024-04-19 11:26 Sam James
2024-04-17 23:35 Sam James
2024-04-17 23:29 Sam James
2024-04-17 23:20 Yixun Lan
2024-04-17 22:10 Sam James
2024-04-17 22:10 Sam James
2024-04-17 22:10 Sam James
2024-04-17 22:01 Sam James
2024-04-17 11:08 Conrad Kostecki
2024-02-16 11:38 Joonas Niilola
2024-02-15 21:15 Sam James
2024-02-15 19:43 Jakov Smolić
2024-02-15 13:17 Joonas Niilola
2024-02-15 13:17 Joonas Niilola
2023-12-01 20:04 Arthur Zamarin
2023-12-01 20:04 Arthur Zamarin
2023-12-01 20:04 Arthur Zamarin
2023-12-01 20:04 Arthur Zamarin
2023-11-22 11:38 Sam James
2023-10-24 18:18 Conrad Kostecki
2023-09-29 7:27 WANG Xuerui
2023-08-19 22:29 Conrad Kostecki
2023-08-15 22:40 Conrad Kostecki
2023-07-15 21:14 Conrad Kostecki
2023-07-15 20:37 Conrad Kostecki
2023-07-15 3:10 Sam James
2023-07-15 0:53 Conrad Kostecki
2023-07-04 21:27 Conrad Kostecki
2023-07-04 8:30 Joonas Niilola
2023-07-03 13:47 Sam James
2023-07-03 13:30 Sam James
2023-07-02 1:18 Conrad Kostecki
2023-06-23 16:17 Joonas Niilola
2023-04-27 21:57 Conrad Kostecki
2023-04-27 21:57 Conrad Kostecki
2023-04-20 4:01 John Helmert III
2023-04-18 20:38 Conrad Kostecki
2023-04-01 16:30 Arthur Zamarin
2023-03-30 21:12 Conrad Kostecki
2023-02-01 11:36 Arthur Zamarin
2023-01-25 1:40 Sam James
2023-01-25 1:40 Sam James
2023-01-13 14:16 Arthur Zamarin
2023-01-08 6:59 Joonas Niilola
2022-12-30 23:41 Sam James
2022-12-13 21:58 Conrad Kostecki
2022-10-31 13:24 Conrad Kostecki
2022-10-31 13:24 Conrad Kostecki
2022-10-19 21:42 Conrad Kostecki
2022-10-19 14:43 Conrad Kostecki
2022-09-10 6:43 Jakov Smolić
2022-09-09 7:36 Agostino Sarubbo
2022-09-09 7:36 Agostino Sarubbo
2022-09-09 7:34 Agostino Sarubbo
2022-09-05 23:29 Conrad Kostecki
2022-09-05 23:29 Conrad Kostecki
2022-07-20 7:39 Conrad Kostecki
2022-07-19 19:38 Conrad Kostecki
2022-07-19 19:38 Conrad Kostecki
2022-07-19 17:44 Conrad Kostecki
2022-07-19 17:21 Conrad Kostecki
2022-07-19 17:21 Conrad Kostecki
2022-07-19 17:21 Conrad Kostecki
2022-07-15 7:25 Agostino Sarubbo
2022-07-15 7:22 Agostino Sarubbo
2022-07-15 7:21 Agostino Sarubbo
2022-07-15 6:00 Arthur Zamarin
2022-07-14 19:01 Conrad Kostecki
2022-07-09 21:30 Conrad Kostecki
2022-07-09 21:30 Conrad Kostecki
2022-06-08 8:46 Agostino Sarubbo
2022-06-08 8:43 Agostino Sarubbo
2022-06-08 8:43 Agostino Sarubbo
2022-06-08 8:42 Agostino Sarubbo
2022-03-23 0:45 Sam James
2022-01-26 2:31 Thomas Deutschmann
2022-01-06 9:07 David Seifert
2021-11-16 18:27 Thomas Deutschmann
2021-11-03 1:45 Thomas Deutschmann
2021-09-22 12:16 Thomas Deutschmann
2021-09-01 14:17 Thomas Deutschmann
2021-08-03 11:03 Sam James
2021-07-25 20:09 Sam James
2021-07-06 23:44 Thomas Deutschmann
2021-06-25 19:32 Sam James
2021-06-18 12:39 Thomas Deutschmann
2021-05-28 9:01 Thomas Deutschmann
2021-05-27 6:55 Agostino Sarubbo
2021-05-26 17:38 Thomas Deutschmann
2021-05-26 15:56 Thomas Deutschmann
2021-05-26 15:56 Thomas Deutschmann
2021-05-02 9:54 Mikle Kolyada
2021-04-13 18:16 Thomas Deutschmann
2021-04-13 18:16 Thomas Deutschmann
2021-04-05 13:45 Mike Gilbert
2021-03-30 17:45 Thomas Deutschmann
2021-03-09 18:46 Thomas Deutschmann
2021-02-21 2:17 Thomas Deutschmann
2021-02-03 21:44 Ben Kohler
2020-12-15 21:43 Thomas Deutschmann
2020-12-02 23:15 Thomas Deutschmann
2020-11-24 19:38 Thomas Deutschmann
2020-10-29 16:49 Thomas Deutschmann
2020-09-30 18:05 Thomas Deutschmann
2020-08-13 23:47 Thomas Deutschmann
2020-08-13 23:46 Thomas Deutschmann
2020-08-13 23:46 Thomas Deutschmann
2020-08-11 15:51 Thomas Deutschmann
2020-07-07 17:08 Thomas Deutschmann
2020-06-02 20:53 Thomas Deutschmann
2020-05-26 18:41 Thomas Deutschmann
2020-05-26 18:41 Thomas Deutschmann
2020-04-29 21:14 Thomas Deutschmann
2020-04-29 21:14 Thomas Deutschmann
2020-04-29 21:14 Thomas Deutschmann
2020-04-14 19:39 Thomas Deutschmann
2020-04-11 21:11 Thomas Deutschmann
2020-04-11 21:11 Thomas Deutschmann
2020-04-11 21:11 Thomas Deutschmann
2020-04-11 21:11 Thomas Deutschmann
2020-03-05 2:58 Thomas Deutschmann
2020-03-05 2:58 Thomas Deutschmann
2020-03-03 23:49 Thomas Deutschmann
2020-03-03 23:47 Thomas Deutschmann
2020-02-08 16:53 David Seifert
2020-01-22 21:49 Thomas Deutschmann
2019-12-31 3:19 Thomas Deutschmann
2019-12-24 15:20 Thomas Deutschmann
2019-11-19 14:45 Thomas Deutschmann
2019-10-22 21:01 Thomas Deutschmann
2019-10-12 18:14 Mikle Kolyada
2019-09-24 15:30 Thomas Deutschmann
2019-08-15 17:10 Thomas Deutschmann
2019-08-13 20:12 Thomas Deutschmann
2019-08-13 20:12 Thomas Deutschmann
2019-08-13 20:12 Thomas Deutschmann
2019-08-13 20:12 Thomas Deutschmann
2019-07-23 21:12 Thomas Deutschmann
2019-06-25 13:29 Thomas Deutschmann
2019-05-21 15:12 Thomas Deutschmann
2019-05-21 15:12 Thomas Deutschmann
2019-05-21 15:12 Thomas Deutschmann
2019-05-21 15:12 Thomas Deutschmann
2019-04-24 22:27 Thomas Deutschmann
2019-04-24 22:27 Thomas Deutschmann
2019-04-24 22:27 Thomas Deutschmann
2019-04-16 15:50 Thomas Deutschmann
2019-04-13 3:48 Thomas Deutschmann
2019-04-13 3:48 Thomas Deutschmann
2019-03-26 14:46 Thomas Deutschmann
2019-02-26 19:04 Thomas Deutschmann
2019-02-26 19:04 Thomas Deutschmann
2019-02-26 19:04 Thomas Deutschmann
2018-12-25 16:07 Thomas Deutschmann
2018-12-25 15:13 Thomas Deutschmann
2018-12-07 16:11 Thomas Deutschmann
2018-11-27 15:27 Thomas Deutschmann
2018-11-07 23:44 Thomas Deutschmann
2018-11-06 21:33 Mikle Kolyada
2018-11-06 16:04 Thomas Deutschmann
2018-10-02 16:04 Thomas Deutschmann
2018-10-02 16:04 Thomas Deutschmann
2018-09-25 15:44 Thomas Deutschmann
2018-08-28 16:02 Thomas Deutschmann
2018-07-31 20:43 Thomas Deutschmann
2018-07-24 18:16 Thomas Deutschmann
2018-07-20 19:44 Thomas Deutschmann
2018-07-20 19:44 Thomas Deutschmann
2018-07-09 0:26 Mikle Kolyada
2018-07-04 3:17 Thomas Deutschmann
2018-07-03 16:01 Thomas Deutschmann
2018-07-03 15:56 Thomas Deutschmann
2018-06-22 10:37 Thomas Deutschmann
2018-06-22 10:37 Thomas Deutschmann
2018-06-21 14:04 Thomas Deutschmann
2018-04-17 17:24 Thomas Deutschmann
2018-04-17 16:37 Thomas Deutschmann
2018-04-10 19:29 Thomas Deutschmann
2018-04-03 15:52 Thomas Deutschmann
2018-02-20 15:24 Thomas Deutschmann
2018-02-01 20:49 Thomas Deutschmann
2018-01-02 0:00 Mikle Kolyada
2017-12-26 16:41 Thomas Deutschmann
2017-12-26 16:34 Thomas Deutschmann
2017-11-21 16:04 Thomas Deutschmann
2017-10-30 0:01 Jonas Stein
2017-10-17 16:23 Thomas Deutschmann
2017-10-10 18:58 Thomas Deutschmann
2017-09-13 15:05 Fabian Groffen
2017-09-05 16:50 Thomas Deutschmann
2017-07-12 8:18 Agostino Sarubbo
2017-07-12 8:17 Agostino Sarubbo
2017-07-11 16:30 Thomas Deutschmann
2017-06-27 16:39 Thomas Deutschmann
2017-05-30 15:42 Thomas Deutschmann
2017-04-26 8:29 Thomas Deutschmann
2017-04-14 10:51 Thomas Deutschmann
2017-04-04 18:25 Thomas Deutschmann
2017-04-04 18:25 Thomas Deutschmann
2017-03-27 10:25 Thomas Deutschmann
2017-03-22 14:22 Agostino Sarubbo
2017-02-14 17:06 Thomas Deutschmann
2017-01-31 17:51 Thomas Deutschmann
2017-01-31 17:51 Thomas Deutschmann
2017-01-24 17:58 Thomas Deutschmann
2017-01-16 14:26 Thomas Deutschmann
2017-01-10 15:22 Agostino Sarubbo
2017-01-10 14:56 Agostino Sarubbo
2017-01-07 23:43 Thomas Deutschmann
2016-11-15 21:49 Thomas Deutschmann
2016-10-19 0:01 Thomas Deutschmann
2016-10-15 19:04 Thomas Deutschmann
2016-10-12 19:48 Thomas Deutschmann
2016-09-03 21:35 Thomas Deutschmann
2016-09-03 21:10 Thomas Deutschmann
2016-08-15 11:35 Thomas Deutschmann
2016-08-10 20:44 Thomas Deutschmann
2016-07-26 9:51 Lars Wendler
2016-07-26 9:51 Lars Wendler
2016-06-13 12:27 Agostino Sarubbo
2016-06-13 12:26 Agostino Sarubbo
2016-06-11 15:48 Kristian Fiskerstrand
2016-06-11 15:48 Kristian Fiskerstrand
2016-05-07 22:34 Patrice Clement
2016-05-04 14:19 Manuel Rüger
2016-05-04 14:19 Manuel Rüger
2016-04-24 18:16 Manuel Rüger
2016-04-24 16:03 Manuel Rüger
2016-04-10 0:43 Manuel Rüger
2016-03-31 3:44 Ian Delaney
2016-03-06 17:21 Manuel Rüger
2016-03-03 10:35 Jason Donenfeld
2016-03-03 7:44 Patrice Clement
2016-03-02 16:17 Jason Donenfeld
2016-02-07 22:04 Manuel Rüger
2016-02-07 22:04 Manuel Rüger
2016-02-06 15:31 Manuel Rüger
2016-02-06 14:59 Manuel Rüger
2016-02-03 21:49 Manuel Rüger
2016-02-03 21:49 Manuel Rüger
2016-02-03 21:13 Manuel Rüger
2016-02-03 16:54 Agostino Sarubbo
2016-02-03 16:53 Agostino Sarubbo
2016-02-02 19:19 Manuel Rüger
2016-02-02 19:19 Manuel Rüger
2015-11-19 21:31 Manuel Rüger
2015-11-07 12:45 Manuel Rüger
2015-10-27 20:12 Manuel Rüger
2015-10-15 22:08 Manuel Rüger
2015-10-15 22:08 Manuel Rüger
2015-08-31 19:30 Manuel Rüger
2015-08-31 19:28 Manuel Rüger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox